In order to move horizontally on the network we need to know as much about the machine as possible. We need to loot it. These are some things that must be done on every compromised machine.
Who else is connected to the machine?
It is always good to have a list of all the hashes and crack them. Maybe someone is reusing the password.
netstat
ipconfig