As for what to do next, it depends on the scope of the test (allowed target hosts and methods) and the objective of the test. Check out the OSSTM and OWASP testing guide to get more ideas. Its a good idea to read these not just for technical ideas of what to do next, but also to give you an idea of the proper way a test is conducted including Scoping, Permission Memos and Rules of Engagement.
Before you do anything else make sure you have legal permission and that you know the potential impact of the tools and techniques you use (e.g. test them beforehand in an isolated lab).