First, the important ethical considerations:
Never attempt to probe or break security on any system without explicit authorization. (As the sysadmins of your own systems you are authorized to experiment responsibly on your own systems, if you coordinate your activities with your co-sysadmins and take necessary precautions.)
Follow the CYA principle: Cover Your Ass, and obtain explicit authorization in writing before doing any security experimentation on any system not your own.
If you should notice a possible vulnerability on someone else's system, notify the people responsible for that system discreetly. Do not attempt to demonstrate the vulnerability without their knowledge and permission.
Not following these principles is likely to get you in trouble in a number of ways:
Most importantly, you are likely to lose the trust of others if you irresponsibly exploit security problems.