White box testing (you are aware of the network infrastructure, IP scheme, routers, switches, firewalls, IDS/IPS and HIPS in place)
Black box testing (you don't have any idea of the network scheme or infrastructure; it's kind of blind testing and simulates a real hacker's penetration; it's more dangerous and the chance of resource unavailability in the network is high)
Gray box testing (internal VA/PT testing, using social engineering)
For performing these you need to sign a non-disclosure legal document between you and the vendor, and for that you must have a legal license for performing pen-testing, like Thorn said: C|EH, CPTS, LPT, ECSA, SANS GIAC Ethical Hacker or Offensive Security OSCP, OSWP, etc.
The basic steps are:
Gaining entry and maintaining access
So if you know about these steps, I'm pretty sure you are aware of pen-testing and VA. For getting an IP there are many ways.
Sites like readnotify.com provide a self-destructing mail service, which you can send to the victim so that when he opens it, you will get a notification that the mail was read and will get the IP. Another way is social engineering.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.