Got a shell, now what?

Hello there, I am studying IT security at the university and among my classmates hackthebox became quite trendy. For the first time, I managed to get past recon and got a shell. As I am collecting a record of good practices and commands to run while pentesting, my question is:
what do you look for, what steps do you plan, and which commands do you always run (or try to run) once you have a shell but no passwords?
This is a list of what I currently have:

kernel version (uname -a)
env
whoami
history
who
w
last
sudo -l (e.g. sudo less --> !/bin/bash, or sudo find /var/log -exec /bin/bash -i \; )
ifconfig -a
netstat -antup
lsof -i
find / -perm -u=s -type f 2>/dev/null
dmesg
journalctl

As you might have already figured out, I got some info by running those commands but nothing that led me to the path to the user’s pw.

Thanks in advance

There are literally dozens of privesc guides and scripts out there man.

For a better picture, Google and run these tools for general enumeration and for finding misconfigurations or exploits:
LinEnum, linux-smart-enumeration, linuxprivchecker.py

You can enum cronjobs using the tool pspy

Check the kernel version and Google for exploits, check the web server’s configuration files for creds or ssh keys, the bash_history files for leftover data, and in general anything that looks out of place or interesting!

sudo -l
then I run the scripts mentioned by dachef
pay attention to SUID files
check the weird ones on GTFOBins
pspy to see what crons run and get a general idea of whether there is a way to root from there.

Generally, from what I have seen so far, the easy and medium Linux machines are a mix of service misconfiguration, loose perms on executables, config files and folders, left-over keys or plain-text creds in normal and backup files, as well as sudo permissions on various executables.

Resources you could use:
IppSec youtube channel
https://ippsec.rocks/

https://gtfobins.github.io/

The hard Linux machines (at least the 3 of them that I have done so far) are of the same mindset but require way more enumeration and ‘back and forth’ to gather more information. Also, their exploitation techniques are usually a bit more advanced.
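One way to turn the checklist above into something repeatable, as an added example that is not a poster's script and not part of GTFOBins or the enumeration tools named in the thread: a POSIX shell audit that runs the same checks (SUID files against a baseline, world-writable cron entries, leftover world-readable private keys) over a given root directory, so the owner of a box can find those misconfigurations and fix them before the machine is handed out. The SUID baseline list, the root-directory argument convention and the AUDIT_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Local misconfiguration audit built from the enumeration commands in this
# thread (added example, not a poster's script). Every function takes a
# root directory so it can be run against a copied or test tree; pass "/"
# to audit the live system. Output is one path per line so two runs can
# be diffed.

# Assumption: SUID binaries that are normal on a typical Debian/Ubuntu box.
# Adjust per distribution; anything not listed here is reported.
SUID_BASELINE="passwd su sudo mount umount chsh chfn gpasswd newgrp ping fusermount pkexec"

# list_suid ROOT: every regular file with the setuid bit (find / -perm -4000)
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null || true   # unreadable dirs are not fatal
}

# unexpected_suid ROOT: SUID files whose basename is not in SUID_BASELINE,
# i.e. the "weird ones" worth looking up on GTFOBins
unexpected_suid() {
    list_suid "$1" | while IFS= read -r path; do
        name=$(basename "$path")
        case " $SUID_BASELINE " in
            *" $name "*) ;;                  # known-good, skip
            *) printf '%s\n' "$path" ;;      # not in baseline: report
        esac
    done
}

# writable_cron ROOT: cron definitions that are world-writable. A cron job
# runs as the user named in the entry (often root), so anyone who can edit
# the file controls what runs.
writable_cron() {
    for p in "$1"/etc/crontab "$1"/etc/cron.d "$1"/etc/cron.hourly \
             "$1"/etc/cron.daily "$1"/etc/cron.weekly; do
        [ -e "$p" ] || continue
        find "$p" -type f -perm -0002 2>/dev/null || true
    done
}

# readable_private_keys ROOT: small world-readable files whose first lines
# carry a PEM private key header (the "left-over keys" case, e.g. an id_rsa
# copied to a .bak with default permissions)
readable_private_keys() {
    find "$1" -xdev -type f -perm -0004 -size -65536c 2>/dev/null \
        | while IFS= read -r path; do
            if head -n 5 "$path" 2>/dev/null | grep -q 'PRIVATE KEY'; then
                printf '%s\n' "$path"
            fi
        done
}

# audit ROOT: run all checks with a heading per section
audit() {
    root=${1:-/}
    echo "== SUID files not in baseline ==";  unexpected_suid "$root"
    echo "== world-writable cron files ==";   writable_cron "$root"
    echo "== world-readable private keys =="; readable_private_keys "$root"
}

# Stand-alone use (assumed convention): AUDIT_ROOT=/ sh audit.sh
# Nothing runs at load time unless AUDIT_ROOT is set, so the file can also
# be sourced and the functions called individually.
if [ -n "${AUDIT_ROOT:-}" ]; then
    audit "$AUDIT_ROOT"
fi
```

The baseline approach is the useful part: a bare `find / -perm -u=s` on a real box prints dozens of legitimate binaries, and the interesting ones are exactly those that are not on the distribution's usual list. Run it once on a clean install, save the output, and diff against it later.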

Thank you for the answers. I’ve spent some time testing out your resources/advice and made some progress. It could feel overwhelming to dig through docs, but thank you again for helping me move forward.