Plain and simple: research.

Check out the Wargames tutorials as they give insight into the process of launching an attack. In a simple form:

1. Attackers pick a target

2. They do research on the target;
- Whois, nslookups: find out physical locations, server locations
- dumpster diving
- social engineering
- network/computer footprinting (find out what services are running on what OSes)
- research vulnerabilities of what was found

3. Either DoS attack or break into the system. If it's a DoS it stops here. If it's a break in..
- Obtain account from step 2.
- use said account to run exploit on system based on information found in step 2
- exploit system to elevate privileges
- take whatever the target is (data, CCs, etc.)

4. Cover tracks and put in backdoors
- alter logs or delete logs to hide activities
- put in hidden account(s) so that target can be compromised again.