I have experienced many instances where I got a low priv shell (sometimes user.txt also) and not able to escalate privileges. Usually I run linpeas, check for sudo rights and do the other basic stuff. But when the way to move forward is to find a credential in some file inside several directories or some binary which is stored somewhere and can be exploited, these situations require thorough manual enumeration. In such cases I completely miss the thing required to move forward.
I just get the feeling that there are hundreds of files and folders to look into and I don't even know what I'm looking for. Where should I start looking, where should stop and what are the things which are useless to look into? Aaaaaannnd I'm stuck!! 😕
What is the correct way of doing manual enumeration (if there is any such way) or how do you people approach after getting a low priv shell?