thanks for ur prompt reply bro, quite interesting, i already took a loot at the Darkoperator blogspot about getting terminal from shell, but when i run the command, netsh firewall set opmode mode=DISABLE  it says invalid, unknown command firewall set opmode and like that...i think your earlier post is quite easier though and combining both will be great.

Yea vnc is good to see what the user is running and doing at the moment, what do you think uploading a RAT

thanks for your great support,
i did run the command on the shell not meterpreter,

C:\WINDOWS\system32>netsh firewall set opmode=DISABLE
netsh firewall set opmode=DISABLE
The following command was not found: firewall set opmode=DISABLE.

C:\WINDOWS\system32>

that is what i get

C:\WINDOWS\system32>netsh firewall set portopening TCP 3389 RDP Enable
netsh firewall set portopening TCP 3389 RDP Enable
The following command was not found: firewall set portopening TCP 3389 RDP Enable.

C:\WINDOWS\system32>   

what do u think might be wrong, or its the target pc missing somethings? its just a win xp with nothing on it, i got it for practical purpose maybe its the one with the fault or......?

i am looking at the blogspots u gave now

I went through the sites and the http://darkoperator.blogspot.com/2008/11/re-wrote-winenum-and-added-new-features.html was good, but i took a look at the meterpreter scripts on there and almost all were said to be on metasploit project now, if so wy do i keep getting invalid syntax then.

I GOT TO SEE NOW THAT THE SCRIPTS ARE IN THE FRAMEWORK3 BUT I AM USING FRAMEWORK2 WHICH I DO NOT SEE SCRIPTS IN THE DIRECTORY...MAYBE THE CAUSE.

THANKS FOR ALL YOUR ADVICE.

yea..thanks for ur great comment, it actually said it all..i mean all. i cannot penetrate using the metasploit 3 that was while i use the metasploit 2 instead and i got it, i actually DIS - ACTIVATED the windows firewall myself, maybe that is just the cause as you have said..... which i believe it is.

thanks brother i appreciate alot.
God bless

Only string parameters are case sensitive, the rest is not. So if you add the rule:
netsh firewall set port opening tcp 3389 RDP enable
and then want to modify the new RDP rule you have to use the same case so Rdp or rdp will not work.

Sounds to me like your target is running AV of some sort.  SubSeven is probably being immediately detected and removed by any security product on the machine.  I'm betting that even with the AV "disabled" you are still running into problems with security software of some sort.  Windows defender, anti-spyware, something?

Take a look at your running services.  If you own the machine and can get to the console, try adding an exception for the directory you are uploading the RAT to.  Copy the file locally to the folder and verify that the file isn't quarantined, etc.

I thought I had AVG "disabled" for some time, but it kept eating Poison Ivy and sending it to quarantine...

i understand it now, yea i have access to the target machine, i will do as you have said and see what happens
thanks

Which exploit are you trying?
Firewall turned off?
Which SP? Has the box been patched recently?