NetBIOS is a binary protocol.   You can run the following nmap command to check for a few vulnerabilities.   There are also any number of scanners that will identify NetBios vulnerabilities. 

Pay close attention to what Ketchup told you.  When I mentioned banner grabbing, I wasn't specifically doing so, for 445.  It was a generalization, that is something you should be doing to any list you get from your initial scans, before trying to just jump in and exploit.

But Ketchup's advice is very valid, for your port 445 scenario.

Sounds good.  Keep us posted.

@rebrov -

Glad to see you're still hanging around, and learning!

That list shows open ports, and generically defined services.  Your next steps should be connecting to those ports, and banner grabbing / researching, to see what service versions, etc, are reported as running on those ports, then follow up with searches for vulnerabilities existing on those versions and services.


thanks for info i will try telnet or netcat for banner grabbing
For instance, you might find that some other service is actually using that port, and it's not really Microsoft ds on there, at all.  Conversely, you could be hitting a honeypot (if this were a real-life pentest,) where that port isn't really even running the exploitable service, but responds to queries as if it was.  You need to adequately try to determine what's running, not just gather a basic list of responding ports, and start attacking.   

These are very tried and true principles for pentesting, and you need to do some digging on them, rather than just throwing a list of nmap reported open ports to the list.  We're here to help, and to answer educated questions, not to lead you through every step.  (No offense intended, just recommending you spend more time on this than simply a base nmap scan, followed by, "why doesn't an exploit work on 445?")

I understand that you're running a tool, like Metasploit, to perform these tests, but sometimes, you need to have a clearer understanding of the target system and it's services, before just throwing Metasploit and other tools at it, in the hopes that generically defined exploits will 'just work' as you'd like / expect them to.

Good luck, and as you continue, let us know what more you find.

I do believe that SP3 is vulnerable by default. 

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Yes, you can exploit port 445 on an XP SP3 machine.  Bug, why are you just randomly sanding exploits against this machine?  Why not identify the vulnerability first?   Coincidentally, I find that the MS08-067 is the one most common false positives.

Are you sure your target is MS08-067 vulnerable?   Any chance it was patched?

Your router has two interface- external and internal. Each interface has a separate I.P address. When you use 'ipconfig', the I.P address of the default gateway you see there is its I.P address for your INTERNAL network. This address is not routable on the internet. Even my router can have the same internal I.P address as your router and we'll be able to communicate.

What the world sees is the I.P address of the external interface of your router. This I.P address is your unique I.P address on the internet. It's the one that's used when some other system wants to connect to you.

So in this case set LHOST to 41.x.x.x and forward LPORT from your router to your 10.0.0.167 machine.

I don't think that your I.P address basics are weak...it's just that they aren't strong . Reading a IPv4 chapter from a good book will make your concepts clear.

LHOST should be the external IP address of your router and LPORT is the port 'forwarded' from your router to your internal machine. You can't use your local LAN I.P for LPORT because it's a private I.P address and private addresses aren't routable on the internet. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for local networks.

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Suppose your router has an external I.P address 172.16.1.1 ( I've used a private I.P address for this e.g as I don't want to offend anyone) and your computer's I.P address is 10.0.0.1
In this case you'll set your LHOST to 172.16.1.1 and your LPORT to a port forwarded by your router to your 10.0.0.1 computer.

We normally use port 80 for LPORT because most firewalls allow 'outbound' traffic through this port and communication through this looks pretty innocuous. Though the victim's firewall will allow a reverse shell through port 80, you won't get it unless you forward port 80 from your router to your computer i.e you've to specifically allow 'inbound' port 80.

Constructive criticism time...

You need to learn the differences between routable IP's and RFC 1918 addresses. (http://www.faqs.org/rfcs/rfc1918.html) RFC 1918 addresses would never be routable across the Internet. So while you placed the L(istening)HOST address, you made it into a Local Address on the 192,168. 8.x network. So unless both you and that victim were on the same network, it would never work. I suggest understanding the differences in addressing before even going further. Networking is a fundamental MUST UNDERSTAND if you're going to get involved with pentesting. I rank it as the TOP priority.

I suggest learning TCP/IP and routing so here is the freebie for the week: Juniper's Fast Track training program. It's free and informative for anyone seeking to understand networking. You don't need to necessarily want to aim for JNCIA certification but watching the content and reading the content will help you in the long run.

https://learningportal.juniper.net/juniper/user_fasttrack_home.aspx

You do not need any expensive stuff to build your 'virtual' test lab. In fact most of the stuff in my lab is absolutely free. You can find various open source counterparts of commercial tools.
There are various 'free' virtualization products available like virtualbox, vmware player and vmware server. I'm a big fan of vmware products. Personally, I believe that vmware server will be enough for what you want to do. Vmware server is a stripped down version of the excellent commercial vmware workstation but contains almost all the basic features you'll require. You can download pre-built linux virtual machines from the vmware website http://www.vmware.com/appliances/directory/
There's also a free route to get Windows OS. Either you can download the OS from Microsoft's website which comes with around 3 month trial period. Furthermore, you can also download Windows XP SP2 virtual machine from  NIST's website http://www.offensive-security.com/metasploit-unleashed/windows-xp-machine-setup
As for the softwares like ftp, telnet daemons and webservers etc...well most of them are free anyway  

Jhaddix and Laz3r have posted wonderful tutorials to build a virtual test lab. You can get them here:-
Network pentest lab setup    
Pentest Lab: Web Application Edition

Additionally, you can practice on ready made targets like De-ICE live disks, hackerdemia and pWnOS all of which are available here http://forums.heorot.net/  You also have LAMP security disks http://sourceforge.net/projects/lampsecurity/  Also try your hands at the 'Skillz' section of this forum http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,12.0/ They will test your limits.
There's also a topic here at EHNet which will direct you to more stuff for practicing http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5043.0/


As for the other part of your question.
Teamviewer does not make you connect to the remote computer directly (Not until you both are on the same network). When you initiate a connection to a remote computer, you and the remote computer are in fact connected to the teamviewer server. So all the data flows through the server and you don't have to forward any ports or worry about the firewall rules  

I hope that solved some of your problems