Nmap version scanning would give you the most info the quickest. Then just research on exploit-db or the other vuln sites. If you run into problems with the results, you may need to dig a little deeper manually. For example, maybe the banner was changed and that's all nmap reviewed. In the case of a web server, try HTTPrint in addition to nmap.

Also, see if you can find another service that discloses information (i.e. snmp may show ports / processes).

Some may require manual review. Instead of there being a vuln with the web server, maybe you have to explore the web app (view source, etc.) to find the version of the app and see if it has any associated vulnerabilities with that.

I don't think you need to do any fuzzing unless you do the Extra Mile exercises in the exploitation module.

I did to arrive to the lab yet, but I think the fuzzing is good. I am doing the extra mile and you begin to understand how to manage the exploit and modify it. This is showing me a good understanding how to attack machines no just copy and paste tools.

if you only check TCP you are doing a half penetration test. ALWAYS check UDP!

Thanks for sharing your views. I have seen people using the term "Low Hanging Fruit". Any tips how to identify these?

Thanks very much!

WHen i was stuck and did not know how to proceed, I found it useful to look at videos on youtube and securitytube.net to see how others had approached similar problems. g0tmi1k.blogspot.com has a lot of videos as well, although the machines being hacked are totally different, when you see the videos you understand the approach that is taken from info gathering to validating possible vulnerabilities to getting a shell and the final privilege escalation. Once you understand the approach, it should help you progress faster