Hey folks

I'm relatively new to the "scene" of security testing, so here's a very brief review of my problem.
I'm befriended with the administrator/webmaster of a website including a board (lastest release of BurningBoard software). I did some rather small things like securing my wireless-router, recoverings some self-made password-hashes with hashcat and so on.

Now I wanted to check if the website was vulnerable to any attacks. in order to do this, I used Fast Track, furthermore the db_autopwn function. Since it failed (0 sessions) I thought the website was secure. So just for fun I searched for my old Win95 PC and tried to get into it with Fast Track (also using db_autopwn). To my surprize, it failed again.
I tried some other PC's of friends and every attack failed.

So, what am I doing wrong? I know, db_autopwn is not really the best thing to do (automation is generally bad), but it should at least be able to find an exploit in a Win95-system which has never been updated.

I read lots of hours through the Fast Track-wiki, but nothing gave me answers