There may be easy ways into a server depending on the security level that the server has been "locked down".
Obviously servers must have some ports that allow users to access, via authorised IDs and passwords. Some web interactive servers allow non-logged-in access, ie anyone can access a certain limited level.
There are other ports that wouldn't normally be used. If these ports are not overtly shut down, ie "locked" to prevent unauthorised access the server has a weak point.
When we launched an internet service, many years ago, (I'm about 5 years into retirement now), we brought in a security expert to lock down the servers. We also operated the payment system on a different server so that hackers couldn't directly access the payment server, which obviously had card details on it for payments to be processed.
I remember, many years ago, accessing other PCs on the network by using something like $C: to access DOS on their root drive. This bypassed any required login. I can't remember the exact syntax now, but once into the harddrive it was a simple task to load autoexec and/or windows files.
My vague recollection of Windows NT (it was a long time ago), was that in setting up security levels, it can be quite confusing when you're setting up groups of servers, one server can see and trust another, but cannot be trusted by that other. You then might need to mirror that trust relationship on the other server, ie can see, and can't trust, but can be trusted.
On top of that there was a priority of relationships, one taking precedence over another.
Once you're into a whole array of servers, it's amazingly easy to overlook a trust relationship or to inadvertently leave a weak point.
It's even confusing trying to explain and understand it.
Once a server is visibe on the network it's purely time to try all the potential weak points or to discover new ones. As we know, even Microsoft overlooks some when introducing a new OS.