After compromising an initial host inside a network, which technique would best enable access to a sensitive database server not directly reachable?

Pivoting through a compromised host to reach a segmented internal resource. Once you own an initial machine inside the network, you can use it as a stepping stone to access hosts that aren’t directly reachable from your position. The database server may be on a different subnet or protected by firewall rules, so you tunnel or proxy your access through the compromised host’s network path. This leverages existing trust and routing, letting you reach the database’s service port as if you were inside the internal network, often via SSH tunnels, proxy tools, or similar techniques. That makes it the most effective way to reach the sensitive server without direct access from your starting point. Other options don’t solve the reachability issue: a remote denial-of-service attack would not grant access and would reveal activity; harvesting credentials might help if you could reach the server, but it doesn’t bypass network barriers; shutting down the database server would be destructive and counterproductive to gaining access.