nmap can be used to scan for open ports. for example if stmp port is open, it might mean that you can send emails thru their server, which would most likely get their domain disabled if you send mass spam thru their stmp.
rest is done by vulnerability scanners, such as acunetix (google for web vulnerability scanner or exploit tools..etc). metasploit is also one nice thing, however its quite old and doesnt have much in it against nowday stuff.
i also forgot to check what hosting they are using. i already checked their dns zone file, check it yourself and then do a ip whois on the server IP.
to do check for dns zone file, google for something like "how to do dns zone transfer" or "dns zone transfer tool", theres some online services for that. note that this is only possible if server is incorrectly setup.
then you will get their server ip, which can also be get by recording some traffic while you browse their site.
now use that IP to do a ip whois (google for "ip whois"). that will give you the IP results, who it belongs to, then google for that hosting company, go to their website and find out about that hosting. look/ask for one specific thing. if they have limited transfer bandwitdh per month. if its limited, find out how much is limit, usually its small enought so you can use Luigi's method to make continuous download, so it downloads something over and over again and by doing that, it kills the site bandwitdh. if they have payed hosting, they will get charged for it, if its free, site will go down (in some payed, site will go down and they get extra charge).
go to
Knowledge Database and search for "continuous download" to see how it can be done.
we did that to one idiot admin with about 5 ppl and he got charged so much that he either didnt want or was unable to pay, so that domain is down ever since (about 3 years).
/////////////////////////////////////////////////////////////////////////
now one other thing, is to find out what website and/or forum system they are running, or well any of the systems running on their server and google for "xxxxx exploits" or "xxxxxx vulnerabilities". one good site to be checked is milw0rm.com
sometimes you might get lucky and find some written exploits that can be used on some of the php programs running in their server to fuck it up.
i didnt really look, just ran the scan, but i think they using either phpbb or vbulletin.
and finally, ofcourse there is manual hacking, which usually gives most results. for example cookie stealing, you get/make cookie stealer, you implant the link to your cookie stealer into image for example (on their site/forum, wherever you can post) and if they click it, you get their cookie. if you get admin cookie, you will have admin rights, it is probably not enought to go into admin panel, but enought to delete posts and click the evil "prune" forum button for example and set time to 0, so it deletes everything.