Look for vulnerabilities in the page's coding, some pages are vulnerable to css or java injections or even mysql injections, if its not then you can crack the username's password depending on the type of login the site has. Look for open ports, try to finger the server, you can use keyloggers onthe target user etc. There is alot of other methods that I don't even know about yet, but read up on things like SQL injections, Java Injections ans CSS. It will do you good.