"+" in .rhost or hosts.equiv access control testing accounts not disabled accounts, default Active-X Admind advisories AFTP aliases anonymous ftp writable archiving audit logs and if disabled banners (telnet and smtp) bootparam (NIS) browsers brute-force methods bugs CGI scripts (test-cgi, test-env, nph-cgi, phf) chargen (port 19) chroot cookies CRC check cron jobs crypt daemons data flood daytime service (port 13) debug mode decode alias defaults denial of service attacks directories owned by unknown owners directories owned by unknown groups directories which are world writable directories which are world executable domains dot...dot check echo encryption type Exec (Rexec) (port 512) EXPN enabled exports file failed login attempts file system change detection files owned by unknown owners files owned by unknown groups files - world writable files - world executable files - group writable files - group executable files with uneven privileges files which are SUID files which are SGID files which are sticky finger (port 79) fingerd firewalls ftp (port 21) ftpd ftp chroot GID=0 GID - users without a GID or invalid GID guest accounts GUI hosts.equiv hosts scanned HTML links http server (stack overflow) HTTPd (port 80, 8080) ICMP redirect inetd.conf file INN IP Spoofing Java key-stroke capture test LAN Manager (Win NT) loadmodule login (rlogin) (port 513) Microsoft Internet Information Server (.bat .cmd) mknod motd NetBIOS (port 137) netstat (port 15) network-hijack test networks NFS directories world readable/writable NFS export NIS being used NIS domain name easily guessable NNTP (Network News Transfer Protocol) (port 119) OOB OS version password cracking password file - duplicate name password file - users with duplicated UIDs password file - users with a disabled password password file - users without a password password file - users with unmatched password file entries password lifetimes patches pcnfsd check permissions pings PIPE command allowed (mail test) POP 
(port 109, 110) portmapper ports - which ones active portsw PROM promiscuous mode proxy scan .PWL files for Win 95 rcp rdist rexd Rexec rhosts RIP (Routing Information Protocol) Rlogin (rlogin -l froot; -f option) root accounts Routed Router RPC Rsh (NULL username) Rstat ruser Rwhod selection_svc sendmail (old versions, debug, wiz) server type services (/etc/services) shell (rsh) (port 514) SMB (System Message Block) SMTP (port 25) sniffer SNMP (Simple Network Management Protocol) SOCKS (port 1080) spray daemon sticky bit Sun RPC (port 111) portmapper SYN flood exploits SYNC SYSLOG system file authentication system log flood telnet (port 23) TFTP time service (port 37) traceroute Trojan-Program test trusted hosts UDP bomb attack UID=0 UID - duplicate UIDs in the password file UID - users without UID UID - users with invalid UID umask user account information user records with improper number of fields users without a home directory shown users with invalid home directory users sharing home directories users with sticky home directories users home directory writable users without a shell shown users with invalid shell users sharing shells users shells which are SUID/SGID users shells which are writable UUCP (port 540) virus checker VRFY enabled wall daemon Windows NT (redbutton attack, etc) wizard backdoor (sendmail - WIZ) wu-FTP X25 X Server (access controls) .xsessions X Window System YPUPDATED