Need practice
But, what's more fun that attacking a box that doesn't have a vulnerability purposely put into it?
You can practice on my server. My dyndns is jonnycake.kicks-ass.net . That resolves to my computer. If you want a list of services that I have so that you can think of how you want to attack:
port 22 - SSH - OpenSSH 4.3p2 Debian 9etch2 (protocol 2.0) port 80 - HTTP - Apache/2.2.3
http://seattle.craigslist.org/
maybe try spending the $20 it takes to buy a PoS computer, and configure and set up your own network?
It's always suprising what you can get decent computer for.
I run a network with a P2 box running XP, a crappy old laptop running solaris, my old games rig (Athlon 64) running Suse, My main PC running vista and Mandriva and my main laptop that runs vista and Slax the whole set up to buy now would be about £1000 most of that would be my main rig the rest costs about £200 get some old shitty boxes and set up a hacker lab using free operating systems look on Ebay and you can get P2 and P3 systems for between £10 and £50
setting a web server up is a piece of piss ODBC links on XP are simple the only arse ache is the permissions so its safe enough to be a challenge
It'll be more fun though if you made a lab with several pcs and virtual machines installed in it, that means you'll have more to play with.
Here's an irongeek article on making your own lab: http://www.irongeek.com/i.php?page=security/building-an-infosec-lab-on-the-cheap