You say that you have permission from others to hack/pen-test their sites yet you have no idea how to do so. I strongly suggest setting up a home lab, reading some books/articles, playing with the tools and trying to figure out what you are doing before you play with someone else's network. Without understanding what you are doing, you won't be able to produce anything of value for your target and you may inadvertently break something because you didn't understand the consequences of a tool (e.g. an exploit that kills the targeted service). If you can practice/learn at home, read books, maybe take a training class or two, you may be able to work your way into a junior position where you can carry out actual penetration testing under the watchful eye of more senior people who can provide some guidance. Are you working in IT now? Does your company have a security department or security staff?
There is no specific tool that you use for hacking/pen-testing. It's all about context. You'll use different tools depending on whether the target is a specific system/web app or an enterprise network. You'll probably have some favorite tools for various common tasks (e.g. nmap for port scanning), but you'll need to know which tools to use depending on what you find. What services can you access? What versions? What is the underlying OS? Can you connect directly to your target or do you have to gain a foothold on another system first? The number of questions/variables that will come up is infinite. The more you know and the more experience you have, the better prepared you will be to find the answers.
If you want a book on hacking, try Hacking Exposed, Counter Hack, or Professional Pen Testing Vol. I. For web applications, the Web Application Hackers Handbook is very good. I have the 2nd edition, but a new one came out recently. Heck, read everything you can get your hands on.
You should also check out this guide by Sil, another member of this site:http://www.infiltrated.net/pentesting101.html
Do everything Sil says in his tutorial. Plan to learn networking, programming, and how to manage Windows and one or more variants of Unix/Linux.
Learning a couple of tricks to hack into undefended sites is easy, but if you want to operate at a high level you need to understand networking, system administration, and some programming in addition to understanding a wide variety of security tools and the concepts behind them. You'll have to move beyond using canned tools to building your own and, especially with web apps, learning to find new vulnerabilities and exploit them.
BS in IT: Security, CISSP, CEH. MBA in progress.