Checking currently running processes and services as the low-privileged user would be an essential first step, as it can reveal applications or services running with higher privileges that may be vulnerable to exploitation. Examining the /etc/passwd file is usually an initial step, but it serves to identify potential target user accounts rather than privilege escalation vectors. Reviewing cron jobs is also a beneficial action, but it's more specific to finding scheduled tasks that might be run with elevated privileges and would not ordinarily be an initial step. Finally, brute-forcing the root password is typically considered a last resort due to its noisiness and likelihood of detection, and it is not directly associated with vertical privilege escalation exploits.