No Admin?

  • Do you have any access to file shares?
  • wwwroot: drop a web shell
  • web.config: access to cleartext creds
  • backdooring any files with your payload
  • Pivot through SQL server with your current credentials or with any SQL scripts you have found
  • Internal spear phishing
  • Pivot to web and cloud services and try to escalate privileges from there(Azure, exchange etc.)
  • Search for any low hanging VNC creds or SSH keys/passwords