Exploiting Internet-facing websites is typically the most viable way to crack the perimeter of an organization. There are a number of ways of doing this, but the best vulnerabilities that provide access include Structured Query Language injection (SQLi), Command-line Injection (CLI), Remote and Local File Inclusion (RFI/LFI), and unprotected file uploads. There is a copious amount of information on exploiting SQLi, CLI, LFI, and file uploads, but information on attacking through RFI is rather sparse, although the vulnerability is prevalent.
To find file inclusion vectors, look for request parameters that reference resources, either files stored locally on the server or other resources on the Internet:
http://www.example.website.com/?target=file.txt
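As an added example (not code from the original text), the following Python script inventories, from a site's own request URLs, the query parameters whose values name a local file or a remote URL, so that those endpoints can be reviewed for allow-list validation. Apart from the page's own example URL, the sample URLs, the function names and the matching heuristics are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request URLs; only the first is the page's own example.
SAMPLE_URLS = [
    "http://www.example.website.com/?target=file.txt",
    "http://www.example.website.com/view?page=http%3A%2F%2Fother.example%2Finc.php",
    "http://www.example.website.com/search?q=quarterly+report",
    "http://www.example.website.com/get?doc=..%2F..%2Fconf%2Fapp.ini&id=7",
]

# Heuristics (assumptions, expect some false positives such as "v1.2"):
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)   # scheme://host or //host
LOCAL = re.compile(r"[\\/]|^\.\.$|\.[a-z0-9]{1,5}$", re.I)  # path separator or extension

def classify(value):
    """Return 'remote', 'local' or None for one decoded parameter value."""
    if REMOTE.match(value):
        return "remote"
    if LOCAL.search(value):
        return "local"
    return None

def resource_params(url):
    """List (path, parameter, kind) for parameters that reference a resource."""
    parts = urlsplit(url)
    found = []
    # parse_qsl percent-decodes values, so encoded references are caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        kind = classify(value.strip())
        if kind:
            found.append((parts.path or "/", name, kind))
    return found

def inventory(urls):
    """Deduplicated review list across many requests, in first-seen order."""
    seen = []
    for url in urls:
        for hit in resource_params(url):
            if hit not in seen:
                seen.append(hit)
    return seen

if __name__ == "__main__":
    for path, name, kind in inventory(SAMPLE_URLS):
        print(f"{path}\t{name}\t{kind}")
```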
Remote file inclusion typically references content from other sites or incorporations: