So again, getting back to the previous comments made by others and myself:

If you've been there AND HAVE done work for them, then why would you ask what kind of server are you hitting (is it Windows or is it a firewall?)

"Fiddling" with production servers doesn't seem like something a company would tolerate unless they don't mind potentially losing business. So nothing you can add makes much sense. Most companies allowing security testing to be done almost ALWAYS 1) ask for business references 2) look for insurance policies, etc., so unless the principals of the company you're testing are 1) insane 2) completely void of understanding risk 3) eye dee 10 tees it smells fishy as heck period.

If you're looking to learn is one thing. Looking to learn on a production server is outright stupidity and anyone allowing it should not be working on that server either. My PROFESSIONAL two cents. (Not that anyone's asked). Back to the learning curve. If you're truly just curious, stay away from potentially taking out a server as it seems (and I mean this constructively) you don't know enough to avoid causing potential harm to a production environment. I've performed quite a few pentests and have recurring companies on a quarterly basis. I can tell you firsthand the last thing you want to do is cause a potential outage.

For those stating: "mimic the network with VMWare" while it may be a theoretical approach, one can't know about the patch levels on a machine in order to mimic it. The patch levels, the configurations, the user account/group configurations, etc to make it a feasbile test. You'd be pentesting nothing more than your own VMWare image, not a mirror of a target.

Jonas, I suggest you focus on learning OUTSIDE of production servers. Since you seem to still be learning, explain to this 'company' that 'allowed' you to tinker with their servers that you don't want to potentially damage their business by possibly bringing down a production server. Be honest with them: "I'm learning and there is a risk by allowing me to tinker that I can bring down (DoS) your server inadvertently." They'll appreciate you more than finding out by you fiddling you cost them money.

There are more of those companies out there than you'd believe Sil. You can usually spot them by the fact that they don't have a legal department / 1 lawyer on staff.

I'm all for lab building and testing. But there is only so much a lab can teach you, unless you're lab is really really high end (including firewalls). Even then there are things you'll not understand like the current situation Jonas is in.

I agree, there are some things that are off. I applaud jonas' desire to learn, and his willing to try. AND THE FACT HE IS WILLING TO ASK QUESTIONS.

@jonas
since you've mentioned you've got contacts there. I think it wouldn't hurt to ask them about some of the things you're seeing. They know the network better and might be able to give you some information you'll need. You can also let them know that something is misconfiguration and leaking internal ip address.

Give the password lists at http://www.renderlab.net/projects/WPA-tables/ a try.  I know this page is about WPA, but the password lists they give are still pretty good ones.

You need to understand people are trying to protect you as well. You really should have a signed, written contract. You may find that the person who gave you permission to do this doesn't actually have the authority to do so. Or he passes the blame on to you if something goes wrong. You're also subject to the laws of countries you're in, the target's in, and any country the packets pass through (they may not go in a straight line). You could quickly find yourself in serious trouble and ruin your career. It's a point that's worth bringing up, even if you only want technical information.

P.S. Run Dir Buster against the web server. Maybe you'll find some interesting web apps.