Point is, look for installed third-party apps that have local priv exploits if the box is totally patched.
I agree, this is the part I am working on right now: looking for weak services and their installed applications.
I know I could find a remote exploit or use Meterpreter, but no, I want to do it manually. I got a shell with netcat using an ASP shell. I need to master it; I think it is more difficult to escalate than to get a shell.
Also, something that messes things up a lot is that sometimes when I type the wrong command or type it the wrong way I lose the connection, lol..... TRY HARDER and write down how you got shell ASAP