Number one, throw ebay out the window. You'd be lucky to find easy apache servers, brand spanking new, that are able to be penetrated. I would suggest looking in to the realistic missions on this site, and maybe the pen testing missions on Hellboundhackers.
I don't understand what you mean by full control, do you mean administrative powers? If so, there are thousands of possibilities.
When getting ready for an attack, you want to proxy chain yourself and all used applications. This will ensure it is harder to track. Most people who get caught may use a proxy to check out the site, but when doing a DOS or using nmap, they aren't hidden at all. Make sure things like nmap are going through a proxy as well.
The fun in penetration testing is definitely finding vulnerabilities yourself.
Like everybody I make suggestions to, I suggest you buy and read Hacking Exposed 6, and maybe 7. You don't have to read the full book, there are different sections that teach about applications, web hacking, network hacking, system hacking, etc.
Hop on Google and search around, web hacking is a story of its own. It'll take at least 3-6 months, if you really get in to it, to find out everything you want to know.
“True hacking is like skydiving, you want to make sure you have arms, because nobody’s going to be there to pull the chute for you.”