Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
If there are additional open ports running services like ssh or telnet you can try to see if they are open and utilize online cracking assuming there's no rate limiting. If it's simply just http and nothing else open, then a webshell would be the go to path for initial access. After which in order to elevate privileges gtfobins putting you out of the web service account and into root directly from which you can perform additional tasks to maintain persistentce. But don't need to take my word for it as a more detailed view of the steps can be seen here with this framework https://attack.mitre.org/