Hi everyone.

Firstly clearly I'm a newbie with everything security related, and I figure I'll be straight with you all as to what I'm looking into rather than shitty euphemisms like "I forgot my Facebook password can someone hack it for me lolz". If the answer is no that's fine I'm just curious.

Looking into pen testing has been amazing for me. I'm finding it so interesting and reading a ton of books, watching a ton of videos and spending weeks on testing out different things in a pen lab. To me it's almost like waking up and looking at the internet in a new way, something extremely cool. My biggest urge now though is to try and find out how secure lots of different places are, and what "real world" security is like. It seems in a pen lab there is always a vulnerability, always a known result, and almost like a forgone conclusion. It seems so exciting to spot something "in the wild". Writing it down it sounds so geeky but hey, you guys probably understand.

Saying all that, I am genuinely not in it to damage something that isn't mine or have any malicious motivations at all, only my curiosity. My question then becomes - is there any way to explore a server in the real world, detecting vulnerabilities and finding out what could be done, but maintaining legality because you never actually exploit he system? If anything you could possibly notify the owners of the vulnerability. I'm thinking the answer will be no, but your advice is appreciated.

Cheers.