[wuest]

Short answer: yes.

Long answer: Sometimes. It's also one of the most frustrating things you can engage in. Up until the point where you have a 'eureka' moment, you feel like every step you've taken was through a tar pit. Pentesting is definitely full of pain; it's easy to imagine it's nothing but an adrenaline rush, since that's what people are inclined to discuss--but that's not the case at all.

Edit to answer the other half of the statement: Pentesting is not dangerous. Malicious network activity (i.e. network activity which the target does not desire) is dangerous. There are lots of great resources (OffSec offers fantastic training, for example) on the topic, and there are gobs of free resources as well (CoreLan, interactive stuff like SmashTheStack's CTFs, DamnVulnerable Linux, etc.) for learning about the topic--tools, methods and such.