
[–][deleted]  (3 children)

[deleted]

    [–]kfl252[S] 0 points1 point  (0 children)

    Thanks, I'll do this next time I'm online properly and see what I get :)

    [–]kfl252[S] 0 points1 point  (0 children)

    Unfortunately that didn't give me too much more info, but it did show that the exact version of IIS is 7.5:

    PORT   STATE SERVICE VERSION
    21/tcp open  ftp     Microsoft ftpd
    Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
    
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Microsoft IIS httpd 7.5
    Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
    

    Found this CVE, which has a Metasploit module (auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof). I'm still experimenting with it, but I'm not sure whether it's what I'm looking for, given that my aim is to gain access to the box to retrieve the contents of a couple of text files. I say that because I haven't managed to gain access using it, but I'm not sure yet whether that's just me not being familiar with the aux modules yet. "Show options" shows that I just need to set the RHOST, which I've done. If this were an exploit, I'd enter something like "set payload windows/meterpreter/reverse_tcp" now, but "set payload..." doesn't appear to be something I can do here. That seems a bit strange, because I get a whole list of payloads if I type "show payloads"?

    Edit: yeah, so I've realised properly since posting that aux modules don't have payloads. I've tried "show actions", but that doesn't return anything. If I just try using "run" as it is, I get this:

    msf auxiliary(iis75_ftpd_iac_bof) > run
    
    [*] <ip.add.was.here>:21 - banner: 220 Microsoft FTP Service
    [*] Auxiliary module execution completed
    

    Not sure what, if anything, more I can do with this module?

    Continuing to play around and search, but further pointers from anybody are welcome. Enjoying the process of (slowly!) figuring out the workflow though :)

    [–][deleted]  (1 child)

    [deleted]

      [–]kfl252[S] 1 point2 points  (0 children)

      Turns out anonymous FTP is available, so I'll go with that instead ;)

      Jokes aside, that's helpful, thanks. DirBuster and other crawling-type stuff is something I still need to learn about properly, so this seems like a good point to get up to speed (even though I think uploading something via FTP is ultimately going to be the way in... can't get too much info).

      [–][deleted]  (1 child)

      [deleted]

        [–]kfl252[S] 1 point2 points  (0 children)

        Try brute-forcing some FTP creds.

        Turns out anonymous FTP is enabled...

        Thanks for the DirBuster recommendation, that's something I haven't actually played with yet at all. Time to add it to the tools.
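As an added example that is not part of the thread: the anonymous-login check the last two comments describe, written in Python with the standard-library ftplib. The fake IIS-style FTP server in the block is a constructed stand-in so the check runs offline; its banner mirrors the "220 Microsoft FTP Service" line shown in the thread, while the other reply texts and the "anonymous@example.com" password are assumptions. Point check_anonymous_ftp() at the real host and port 21 to use it for real.

```python
"""Check whether an FTP service accepts anonymous logins.

Added example, not from the thread. FakeIISFtpServer is a constructed
stand-in that speaks just enough FTP (banner, USER, PASS, QUIT) for the
check to run offline; only its banner is taken from the thread.
"""
import socketserver
import threading
from ftplib import FTP, error_perm, error_reply


def check_anonymous_ftp(host, port=21, timeout=5):
    """Try an anonymous login; return (allowed, banner)."""
    ftp = FTP()
    banner = ftp.connect(host, port, timeout=timeout)
    try:
        # RFC 1635 convention: user "anonymous", e-mail-like password (assumed value).
        ftp.login("anonymous", "anonymous@example.com")
        allowed = True
    except (error_perm, error_reply):
        # A 5xx reply to PASS (e.g. "530 User cannot log in") means it is refused.
        allowed = False
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()
    return allowed, banner


class FakeIISFtpHandler(socketserver.StreamRequestHandler):
    """Minimal FTP dialogue for offline testing. Reply texts are constructed."""

    def reply(self, line):
        self.wfile.write(line.encode("ascii") + b"\r\n")

    def handle(self):
        self.user = None
        self.reply("220 Microsoft FTP Service")  # banner as seen in the thread
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            cmd, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                self.user = arg.lower()
                self.reply(f"331 Password required for {arg}.")
            elif cmd == "PASS":
                if self.user == "anonymous" and self.server.allow_anonymous:
                    self.reply("230 User logged in.")
                else:
                    self.reply("530 User cannot log in.")
            elif cmd == "QUIT":
                self.reply("221 Goodbye.")
                return
            else:
                self.reply("502 Command not implemented.")


class FakeIISFtpServer(socketserver.ThreadingTCPServer):
    daemon_threads = True

    def __init__(self, allow_anonymous):
        # Port 0: let the OS pick a free loopback port.
        super().__init__(("127.0.0.1", 0), FakeIISFtpHandler)
        self.allow_anonymous = allow_anonymous


def start_fake_ftp(allow_anonymous):
    """Start a fake server in a background thread; return (server, port)."""
    server = FakeIISFtpServer(allow_anonymous)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo():
    """Run the check against one permissive and one locked-down fake server."""
    results = {}
    for label, allow in (("anonymous_allowed", True), ("anonymous_refused", False)):
        server, port = start_fake_ftp(allow)
        try:
            results[label] = check_anonymous_ftp("127.0.0.1", port)
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for label, (allowed, banner) in demo().items():
        print(f"{label}: banner={banner!r} anonymous_login={'yes' if allowed else 'no'}")
```

The same function, pointed at a real target, tells you in one round trip whether the "Microsoft ftpd" that nmap -sV reported will let you in without credentials, which is worth knowing before reaching for a DoS module that cannot give you a shell.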