Well today super sucked. Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

Here's a gist for my friends who are visually impaired and/or prefer copy/paste. https://gist.github.com/int0x80/9e7b096684dd37c478198404d171aa3f

The socket info can also be pulled from environment info, e.g. /proc/<pid>/environ. Permissions on the temp directory are 0700 in my experience, so you'll likely need access as that account or root. Works great when I have a shell but no creds.

In amazing style, @wvuuuuuuuuuuuuu contributed an extra tip about ssh-add to the gist https://gist.github.com/int0x80/9e7b096684dd37c478198404d171aa3f#gistcomment-3585091

Peep game on the gist for extra hacks on SSH configs from @0xdade and Kerberos, ssh-add, and SSH tunnels from @wvuuuuuuuuuuuuu. Hack all the things!