whoami /all (if enabled, then use printspoofer or got potato).
β’ Simply run PowerUp, then find privileges on unquoted DLL, etc.
β’ Upload WinPEAS for further enumeration if the above does not work. WinPEAS mostly finds plaintext passwords.
β’ Lastly, find any executable (exe), PowerShell script (ps1), or PDF file running. Run it for further enumeration and search on Google for additional details.