i have permission for pentest

No problem.  As for IIS 6 well sometimes you just need to realize that it may not be exploitable based on what is in use.  Not to say that IIS 6 is not vulnerable to other attacks, but if the network is configured properly it is very difficult to use things like reverse TCP shells.  So you need to say "Well this particular server does not make a viable attack vector because..." and state that it is possible that proper firewall rules are in place as well as IDS/IPS systems preventing the attack from happening. 

IIS 6 is still currently supported by MS so there are regular updates available and there are hardening processes available.  So if the person who configured the server originally new his stuff, then that server might be locked down tight.  If you review the last few big breaches you will see that it wasn't necessarily the version of software that was a problem but the configuration in the particular application.  So it wasn't necessarily because IIS had ASP configured but an application configured with ASP.NET may have not been properly coded and XSS was allowed or the code to the SQL backend wasn't secured and SQLi was allowed.

Now if your MBSA report of that server came back green then there may not be any easily exploitable vulnerabilities on the Microsoft end of town.  You then have to look at the specific web apps and try there.  If it is custom written code then there very well could be some user created vulnerabilities.  If there are no apps and its just a regular old web server well you might not have too many options. 

hey you hayabusa listen to me
i dont have to explian you andDon't slander to me without a valid reason i study CEH and im beginner in hackers world if and i just spoke with 3xban not yes im a help desk in a small company as i said i wanna act like malicious hacker because my boss knows i can gain access to the web server with my cerdential in the office
and you if you dont wanna help my dont post to this topic again

Ok...  You win.  You'll get no more response (or help) from me, after this post - on this thread, or any other, because your attitude is shining through.  You're taking this way too seriously.  I asked you a question, because things seemed fishy.  You fired back, guns blazing.  Simply clarifying would have been enough.  Period.  And then we'd be getting along, wonderfully.

I even - nicely - responded at the end of my previous post, saying that I was glad 3xban's post was helpful to you.

Anyway...  Good luck in your efforts.  Whether or not you choose to believe me, I wish you well.  But until you want to realize otherwise, that my intentions were justified, you've burned a bridge.  Take care.

I'm glad my information was helpful.  Though I will side with Hayabusa on the attitude adjustment.  I tend to try and help where I can here since these guys are full of awesome information and are always helpful when the need is legitimate.

My rule of thumb is that if you are new to a group such as this, you need to observe a bit.  Understand the group better and who the top players are.  If you jump right in and start off with asking questions for help, usually that is a red flag.  I am sorry that I didn't question your motives sooner but as I said, I tend to be a helpful guy.  When you get overly defensive on something, it leads us to believe your motives may be more on the UN-ethical side of things. 

As you mentioned you are from Turkey and the language barrier may have you coming off a bit more defensive than expected.  And that is fine.  From our standpoint there is at least one post a day that is someone asking for help or looking to hire someone to perform some unsavory tasks.  We tend to probe the individual before answering any questions.  I figured my suggestions were nothing you cannot find on google so I didn't see any threat in answering your questions.  If you truly mean to get educated here and use your powers for good instead of evil, then please continue being part of the community.  If not, well then like Hayabusa said, you will not get any additional help from us.

Good luck.

and what do you wanna know?!

hello 3xban and hayabusa
and whats up?!
i have a problem with MBSA i can scan computers in my local subnet
but about our web server i cant scan it from internet it gives me this error:

Could not resolve the computer name: . Please specify computer name, domain\cemputer, or an IP address.

and then when i user the server IP address its gives me this message
again.

my internet connectivity is well the dns server are working properly
i can ping our server i can run a port scanner like nmap on it
and every thing is great except MBSA program

i have backtrack linux can i use nikto to scan our server or whats your recommended

and again thank you for your helping
and good luck

all right what about nikto and other web scanners on backtrack linux