Author Topic: What do you think it takes to be a Pen Test Ninja?  (Read 14676 times)
T_Bone
« on: July 01, 2010, 04:10:26 AM »

What do you guys think you need to know or be to be a Pen Test Ninja?
ajohnson (aka dynamik)
« Reply #1 on: July 01, 2010, 08:28:26 AM »

Everything :lol:

Programming, Windows and *nix systems, networking, web apps, databases, etc.

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
sil
« Reply #2 on: July 01, 2010, 09:05:56 AM »

Quote
Everything :lol:

Programming, Windows and *nix systems, networking, web apps, databases, etc.

<ramble>
Jesus... I've been going through AT&T syntax Assembly now for a few months interspersed with JNCIS-SEC (fast track leisure study) and a hodge-podge of other things... Definitely time consuming.
</ramble>

I'd have to say the following in order:

Operating Systems
Networking
Creativity
Programming
Applications
Databases

Operating Systems
Operating systems - You'd want to obviously know your way around most common operating systems. Any and all you can learn is beneficial. I had to puke RACF stuff for a while as it wasn't commonly used. I suggest for *nix based systems, familiarizing yourself with Rosetta Stone (http://bhami.com/rosetta.html). For Windows - whatever you can get your hands on. I'm definitely not as strong as I should be for Windows based systems from the administrative side however, from the compromise side I have no problems.

The difference in this (strength/weakness) is, on a *nix box, I'm versatile and stealthy. Penetration comes easier believe it or not via way of system administration. I'm familiar with the system itself. I know what perms, groups, filetypes, etc., to target. On a Windows machine there are many variables many don't take into account (DLL's, OCX, misconfigured groups, etc.)

Networking
If you don't know HOW it's connected, HOW would you know how to escalate throughout the network? Understanding networking topology, traffic patterns, packets, etc., can save you an enormous amount of time and resources not only from a penetration testing perspective, but also from a troubleshooting perspective. Imagine performing a pentest WITHOUT the usual network enumeration tools (netmap, hping, etc.). Can you garner information about another machine? How? TTL, Window Size, DF and TOS are your friends. Each OS has its own parameters, e.g.:

OS             TTL  Window Size     DF  TOS
Linux 2.2.x    64   32120           n   0
Windows 9x/NT  32   5000 thru 9000  Y   0

This is information that could be gathered using tcpdump, Wireshark... *Sniffer of choice* without having to run nmap. So think about this for a moment... Do you ALWAYS need to use NMAP? Not really. Versatility!

Creativity
Life is too short, yet too long to be doing the same old same old. Use your brain and have fun with what you do. Don't be afraid to break from the herd and try out your own thing from time to time.

Programming
Must... Any language, any time, all the time. Pick your poison. Don't let zealots stop you from learning a particular language. Each has their own pro and cons and I don't believe any specific one is better than another. There are preferences. I use a combination of perl, python, expect, shell and ruby for "scripting" and automation. Depending on what I need done, I pick one suitable for the moment. From a pentest perspective, you may need to be this versatile. For example, suppose on a pentest you escalate to a machine where you don't have a specific language - say perl or python... Then what? Can you accomplish your task with normal system commands, awk, sed, etc?

From a "security research" point of view... Assembly (at least understanding it) helps immensely if you're into bug hunting, creating oh day, etc.

Applications
You don't necessarily need to be a grandwizard in applications however, I suggest learning about the OSI layer instead and understanding at which intersection do programs play with each other. Session Layer, Presentation Layer, Application Layer. Each has a distinct role at the end of the day and each WILL have a weakness.

DB/SQL
Personally, I feel this falls into programming. SQL syntax is pretty common across the board. Setting out to study say Oracle would be a full time job. Not to mention, for that might as well become an Oracle DBA (they make a killing!). I say, understand the general syntax.

Last but not least... Again, have FUN with what you learn. If you're doing it solely for the money, you'll fail. Sure there is money to be made as a pentester, security professional, ethical hacker, NAME_YOUR_ROLE however, when you're passionate about what you do and you enjoy it, you're likely going to retain more of what you learn and it will become easier to accomplish what you set out to do.

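A sniffer-side version of the TTL/Window/DF/TOS idea above, as an added example (not code from the post): it pulls those four fields out of a raw IPv4+TCP SYN header and matches them against the two rows of sil's table, allowing for the TTL being decremented by up to 30 hops on the way to the sniffer. The function names and the sample packet are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Rows from the table above: (name, initial TTL, window range, DF set, TOS).
SIGNATURES = [
    ("Linux 2.2.x",   64, (32120, 32120), False, 0),
    ("Windows 9x/NT", 32, (5000, 9000),   True,  0),
]


@dataclass
class SynFields:
    ttl: int
    window: int
    df: bool
    tos: int


def parse_syn(packet: bytes) -> SynFields:
    """Extract TTL, TOS, DF and the TCP window from a raw IPv4 + TCP header pair."""
    ihl = (packet[0] & 0x0F) * 4                       # IP header length in bytes
    tos = packet[1]
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    df = bool(flags_frag & 0x4000)                     # DF is bit 14 of flags/fragment word
    ttl = packet[8]
    window = struct.unpack("!H", packet[ihl + 14:ihl + 16])[0]  # TCP window sits at offset 14
    return SynFields(ttl, window, df, tos)


def guess_os(f: SynFields, max_hops: int = 30) -> Optional[str]:
    """Return the matching table row, or None. Observed TTL may sit below the initial TTL
    by up to max_hops because every router decrements it once."""
    for name, init_ttl, (lo, hi), df, tos in SIGNATURES:
        hops = init_ttl - f.ttl
        if 0 <= hops <= max_hops and lo <= f.window <= hi and f.df == df and f.tos == tos:
            return name
    return None


def build_syn(ttl: int, window: int, df: bool, tos: int) -> bytes:
    """Constructed sample packet: minimal 20-byte IPv4 header + 20-byte TCP SYN (no options)."""
    flags_frag = 0x4000 if df else 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, flags_frag, ttl, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, window, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    print(guess_os(parse_syn(build_syn(58, 32120, False, 0))))  # Linux 2.2.x, 6 hops away
```

Feed it the IP/TCP bytes of real SYNs from tcpdump or Wireshark and a host's OS family can be inventoried without ever sending it a probe, which is the point of the paragraph.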

T_Bone
« Reply #3 on: September 05, 2010, 04:07:17 AM »

Thanks again for the information above Sil, you are on the same lines as Keatron. For those interested, check out what he thinks at the link below.

http://resources.infosecinstitute.com/ideal-skill-set-for-the-penetration-testing/
jason
« Reply #4 on: September 05, 2010, 08:05:48 PM »

As a bit of completely shameless self promotion, you could always check out the book that Tom and I wrote  Grin

http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?ie=UTF8&s=books&qid=1283734970&sr=8-1

It'll be out toward the end of this month.
T_Bone
« Reply #5 on: September 06, 2010, 03:51:27 AM »

mmm.... interesting...

Maybe we could get one of the guys on EH to review it?
chrisj
« Reply #6 on: September 06, 2010, 01:18:39 PM »

Quote
As a bit of completely shameless self promotion, you could always check out the book that Tom and I wrote  Grin

http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?ie=UTF8&s=books&qid=1283734970&sr=8-1

It'll be out toward the end of this month.

I know I'm looking forward to getting it. It's just going to be a while before I get to read it. Still trying to find time to read Tom's build a lab book.

OSWP, Sec+
impelse
« Reply #7 on: September 06, 2010, 11:18:00 PM »

I read this post but I did not pay attention to this book.

CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
T_Bone
« Reply #8 on: September 07, 2010, 02:07:24 AM »

@impelse

It does look good though, doesn't it... Smiley
impelse
« Reply #9 on: September 07, 2010, 08:00:46 AM »

Yes, it looks a nice book to read.

CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
H1t M0nk3y
« Reply #10 on: September 07, 2010, 03:41:16 PM »

Quote
Operating Systems
Networking
Creativity
Programming
Applications
Databases

@Sil: A few months ago, I would have been shocked to see "creativity" in third place. But now, I almost feel it should be in second place... (I miss a lot of that...)

For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix? (Although Windows XP and Windows 2008 Server are quite different!)

I ask this question because I know Windows and Linux "enough", maybe 50% of each. I am about to get my hands dirty with FreeBSD and then focus more on the network side (online Cisco courses!!).

While this is certainly not a waste of time, could I use my time on more important things? (it depends of course, but still...)
« Last Edit: September 07, 2010, 03:43:06 PM by H1t M0nk3y »

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
ajohnson (aka dynamik)
« Reply #11 on: September 07, 2010, 04:28:43 PM »

You should put a proportionate amount of emphasis into whatever OS based on how much you work with it (or anticipate you'll work with it). The majority of our customers make heavy use of Windows-based OSes and hardly any use Solaris. Guess which one I know pretty well and which one I ask stupid questions about on online forums.

That's not to say you shouldn't learn new things and broaden your horizons just for the sake of increasing your knowledge, but it would be foolish to gloss over things that are immediately beneficial or necessary for the sake of doing so. As you said, "it depends."

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
sil
« Reply #12 on: September 07, 2010, 08:21:21 PM »

"For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix?"

Seriously a tough call here so I will explain my take on this. For what it's worth and where it counts more, I say *nix based systems with my reasoning for this answer following.

Browse over to Netcraft and have a look at what most Fortune 100's are running. Take a pick at a specific industry and have a serious look at what's powering them. If you answered Windows + MSSQL, you're way off base.

Oracle + Linux or Solaris move data around for some of the biggest companies on the planet. Citigroup - Solaris, Major League Baseball which pushes some serious databases, Solaris + Oracle,

Chase - Solaris
http://searchdns.netcraft.com/?host=chase.com&x=0&y=0

Citibank - Solaris
http://searchdns.netcraft.com/?restriction=site+contains&host=citi.com&lookup=wait..&position=limited

Bank of America - Solaris
http://searchdns.netcraft.com/?restriction=site+contains&host=bofa.com&lookup=wait..&position=limited

Chevron - Linux
http://searchdns.netcraft.com/?restriction=site+contains&host=chevron.com&lookup=wait..&position=limited

AT&T - Linux
http://toolbar.netcraft.com/site_report?url=http://www.att.com

And the list goes on. This is not to say that Windows isn't used, but it's not truly used where the cash is flowing. This is where you'd want your client-base, where they won't balk at your fees as a pentester. Government work? Solaris + Other nix variants all the way.

With that said, this is the server side, where the most precious data is housed/stored/transmitted. In the office environment, Windows rules, but the harsh reality is, somewhere along the lines you WILL need to know *nix based systems. So ask yourself, do you want to pentest a webserver or some local desktops for a "fistful of dollars", or would you rather go with where you'll not only earn some serious money, but get around to playing with "big boy toys"?

T_Bone
« Reply #13 on: September 08, 2010, 03:20:12 AM »

I know this response is not within the scope of this thread but just have to say.. SIL is like a god... everywhere I see a post from SIL on EH I just have to read it even if I am not specifically interested in the topic  Smiley... what does SIL stand for SECURITY I LIVE?
H1t M0nk3y
« Reply #14 on: September 08, 2010, 08:28:47 AM »

Quote
Oracle + Linux or Solaris move data around for some of the biggest companies on the planet. Citigroup - Solaris, Major League Baseball which pushes some serious databases, Solaris + Oracle,

That's exactly what I thought. In the government, I have seen many internal servers using Windows/MSSQL Server while their internet facing boxes have Solaris, Linux or AIX, all backed by Oracle.

But what about FreeBSD, OpenBSD and NetBSD? Have you seen them at least a little bit around? I haven't...

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
© 2013 The Ethical Hacker Network