So you have done your homework, and done your vulnerability analysis and found several vulnerabilities. Now it is time to exploit them.
Before you start writing your own exploits you should of course check if there are some already written.
Do not just grab any exploit on the internetz. If it contains shellcode it might be you that is getting hacked. On Exploit-db and Security focus they vet the exploits before they are published so it is at least a bit more secure. But be paranoid, and don't trust shellcode or code that you didn't write.