Honestly, exploiting something usually depends on the setup. Unless you are getting into the blood and veins of ASP to exploit the framework itself, you'd have to stick with exploiting whatever it is that someone has set up. If it's outdated, you can google to find vulnerabilities or exploits. Other than that, good ol pentesting on common ASP holes might work?
For those about to hack, I salute you.