If you haven't checked out the Metasploit Framework yet, check it out. If you haven't heard of the thing, it's basically a tool for testing exploit code. But it comes with a bunch of exploits and payloads set up and ready to be ran against machines. I'm far from a hax0r, but I was able to open up a VNC connection to some random machine in my classroom that hadn't been patched in the last few weeks. Very impressive.
It's almost like watching actors on TV hacking. Of course, I'm not advocating using this tool for evil. But ignoring the thing would be down right silly. Plus, an up to date copy with the latest exploits sure would make testing things out a lot easier for security type folks. But for people like myself, it definitely makes you check to see that windows update is set to run automatically