You could take advantage of:
- Vulnerabilities in the core Operating System and applications provided in a default install (search)
- Vulnerabilities in installed third party applications
- Flaws in the configuration of the Operating System and associated default services (e.g. weak passwords, insecure permissions, inappropriately exposed shares or services, etc)
- Flaws in the configuration of third party applications (e.g. an Apache server running php code with insecure settings, database server with weak permissions/authentication, etc)
You might want to ask a more specific question if you were expecting more detail than that.