As an aspiring penetration tester, it is not always the elaborate rootkits or the backdoor Metasploit exploits that you need to focus on in every testing engagement. Sometimes the best way in is simply to try the front door. If you can master a simple, repeatable process for testing the login screens of any application, device or account, you will save yourself time and effort when establishing the scope of an engagement.
The best approach to any engagement is, once you have the scope of what you are testing, to do some research online and see what is already common knowledge. Never assume that the owner has done this step; usually they have not. For example, if you are testing a company's network infrastructure and you know they have Cisco network devices, search online for the factory default admin credentials. You will be surprised how many clients leave the admin creds unchanged years after implementation.
The next step would be to try to crack the admin account's password. Since you already know that the admin username for Cisco devices is admin, try brute forcing that login with a standard wordlist (no more than 6-8 characters long, for efficiency). Once that has completed, you will have a good grasp of the security posture at this client's company. The mindset of most people managing these devices is "get it set up and move on", so if you are not able to crack an admin password of more than 8 characters, it is safe to say you need to find another avenue of attack into this client's infrastructure.
Lastly, trying the above steps on an internal employee account would be another easy approach to gaining quick access. It shouldn't be hard to guess the domain of the user accounts, as you should be able to find this online (usually the company name, like @google.com). Then, with a little online research into employees who work at the company, you could try brute-force logins with different combinations of the employees' first and last names. Pair these combos against your 6-8 character password list and see what you get.
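From the defender's side, the three steps above leave a distinctive trail in authentication logs: a burst of failures against one account (often followed by a success when a default or short password is guessed), and a run of failures spread across several username formats. The following is an added example, not code from the original post, that flags both patterns over a constructed sshd-style sample; the thresholds, window and log format are assumptions to tune for a real environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style sample (not real captures): guesses on "admin" that succeed,
# a spray across username formats from a second source, and one harmless typo.
SAMPLE_LOG = """\
Mar 10 09:00:01 gw sshd[101]: Failed password for admin from 203.0.113.5 port 50001 ssh2
Mar 10 09:00:02 gw sshd[102]: Failed password for admin from 203.0.113.5 port 50002 ssh2
Mar 10 09:00:03 gw sshd[103]: Failed password for admin from 203.0.113.5 port 50003 ssh2
Mar 10 09:00:04 gw sshd[104]: Failed password for admin from 203.0.113.5 port 50004 ssh2
Mar 10 09:00:05 gw sshd[105]: Accepted password for admin from 203.0.113.5 port 50005 ssh2
Mar 10 09:05:00 gw sshd[106]: Failed password for invalid user jsmith from 198.51.100.7 port 40001 ssh2
Mar 10 09:05:01 gw sshd[107]: Failed password for invalid user smithj from 198.51.100.7 port 40002 ssh2
Mar 10 09:05:02 gw sshd[108]: Failed password for invalid user john.smith from 198.51.100.7 port 40003 ssh2
Mar 10 11:00:00 gw sshd[109]: Failed password for bob from 192.0.2.9 port 30001 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<ip>\S+)")

def parse(log_text, year=2024):  # syslog lines carry no year, so one is supplied
    events = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "Failed", m["user"], m["ip"]))
    return events

def detect(events, window=timedelta(minutes=5), fail_threshold=4, user_threshold=3):
    """Map source IP -> reasons for sources whose pattern looks like password guessing."""
    alerts, by_ip = defaultdict(set), defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)
    for ip, evs in by_ip.items():
        fails = [(ts, user) for ts, failed, user, _ in evs if failed]
        for i, (start, _) in enumerate(fails):  # sliding window over failures
            in_win = [u for ts, u in fails[i:] if ts - start <= window]
            if len(in_win) >= fail_threshold:
                alerts[ip].add("failed-login burst")
            if len(set(in_win)) >= user_threshold:
                alerts[ip].add("many usernames tried")
        streak = 0  # a success right after a burst means a guess worked: escalate
        for _, failed, user, _ in evs:
            if not failed and streak >= fail_threshold:
                alerts[ip].add(f"success for {user} after {streak} failures")
            streak = streak + 1 if failed else 0
    return dict(alerts)
```

The "success after failures" reason is the one worth paging on: it is the log signature of a default or trivially short password that was never changed.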
At the end of the day, being able to come up with an attack strategy like this, one that allows quick execution across multiple targets, is what will make you an efficient penetration tester in the long run.