You may be missing a couple of steps in the pen-testing process. Be sure to do good recon & footprinting of your target system, what it's running, and its weaknesses. Only after you have identified the victim's soft spots should you launch an attack. This will give you the best chance at success.
I think of browser_autopwn as the equivalent of a sledgehammer...you smash your way into the box. I like to take the scalpel approach...make a targeted & surgical attack on my target.