Recently I found myself with limited access to a client site. All I had was wp-admin. No server or database or anything.
A neat trick to add a theme file, use http://us1.php.net/touch in the header.php, hit a page on the site, remove it. And you now have a new template file you can edit on the client’s site.
No remote access required.
It does show you how vulnerable your whole site is if someone gets logged in with admin privileges.