Most actual hacks are carried out after the information gathering phase. Because this means gathering information available in the public domain, it's a step often missed out in pentesting.
Pentesting often begins with the process of scanning and enumeration to identify weaknesses. Scanning with tools identifies the open ports and the services running on the target computer. Scanning builds up in stages, stopping when sufficient information is gathered. It begins with stealthy, hard-to-detect scans and slowly steps up to noisy, easily detectable scans involving pinging.
Enumeration involves arranging these weaknesses in order according to their chances of success. Knowing the possibility of success requires some knowledge of the possible exploits that could be used to take advantage of the identified vulnerability.
Matching weaknesses to likely exploits is a vital part of the planning process. The planning process also requires fallback alternatives to try in case the initial attempt fails.