
If a server has an LFI vulnerability, I usually try to find out if SSH is open, and after some research, if I can't find any spilled credentials, I just bruteforce it or something.

Can I use an LFI vulnerability for something else useful to exploit the system, other than looking at /etc/passwd, which I usually do to find usernames?

mTvare

1 Answer

You could poison log files, for example, if this is an LFI (which includes a file, i.e. executes any PHP code) to achieve RCE. You could perform an HTTP request to the server using PHP code as the user agent, and try to load the log file using your LFI. If a require/include function call is made, the PHP code should be executed. You will find additional information here: https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/ (and on multiple other pages on the internet :))

If all you can do is display files (i.e. a PHP file is displayed instead of being executed), then some people don't call this LFI but directory traversal or other terms (arbitrary file retrieval, etc.).

meik