In some penetration tests, tools and applications only get you so far.
The human element can sometimes be key to breaking those tougher engagements. While the human element sometimes means phishing, in other cases it can mean using IT's processes and procedures against themselves to gain access to the internal network.
Watch the video featuring Nate Drier, SecureWorks Security Analysis Consultant, that covers an engagement where IT ended up being their own worst enemy and accidentally handing over the information needed to penetrate the network.
I was on a team conducting an internal pen test and having a really tough time gaining any traction, we had compromised one server that really didn't lead us anywhere. However when I logged into it, I noticed the C drive was almost full and had an alerting software agent on the server, so I thought if we fill up the C drive, it will send out an alert to someone and they would log in to see what was wrong.
So I wrote a script to fill up the C drive with some plain text files that were very large. It filled up the C drive, sent an alert to an admin, the admin connected into the machine and at that time I was running a piece of software that would dump all the clear text passwords from memory, so the second the person logged in, I ran the tool and we captured his credentials which happened to be domain admin and led us to compromise the rest of the network.