You can do a lot of learning-by-doing without actually exploiting vulnerabilities, or even doing anything illegal. Especially if you're on a college campus with an interesting computer network, and ubiquitous wireless networks (for relative anonymity). Do port scans (nmap) and explore interesting services you find (with netcat + google), dump DNS entries for campus and grep for interesting words, then do more port scans, etc.