The investigation

Notes:

Using ftp to connect to the system, I went on a search mission looking for anything obvious.

I downloaded the password file (with the admin's prior approval) and began running crack on it.

I checked for any stray vulnerable scripts. None were found, confirming the scan results.

A check for vulnerable suid programs revealed a vulnerable, and suid, mount program. This was the easy way up to root once the hacker had shell access.

It was not possible to determine if the system was vulnerable to the telnet linker bug, but the hacker libraries were not found for that exploit.

System was completely compromised.