Yes thats correct 3xban sorry if im confusing you. My victim pc is a windows cx professional with service pack 2. The reason being is because I couldnt find any iso's that had no packs or just service pack 1 so I had to go with that one.

I am going onto the microsoft website and searching for exploits that work for windows x professional with sp3. Now on the microsoft wesbite it lists many exploits for that O/S but when I search for the same exploit on metasploit it isnt there, so how can I exploit this O/S if metasploit doesnt have any exploits?

If you can find me a good trusted download for windows xp that is totally unpatched that would be awesome!

I see some exploits for things like windows media player and adobe reader ect but I cant think why you would ever wanna exploit these programs? What can be acheived......

Great thanks for those links I shall look into that. One thing that puzzles me though is I have found exploit code on websites such as exploit-db but I dont know how to actually use it once I download it, Is there anyway to add the code to the metasploit module list?

Also many of the modules in metasploit have been added by the community.  Don't focus on popping shell on everything, although that is what you want to try and get in most cases, it is not necessarily the keys you are looking for.  Popping shell on one system may be the first step in gaining a foothold in the environment as well as doing additional recon to discover your true target. 

The reason why one would want to exploit the applications is because the bug/exploit available for them will pop shell.  For instance metasploit has a number of modules for Adobe Reader.  Some will help you created a bogus PDF or web link that will exploit a bug in older versions of reader and allow the attacker to get a reverse shell using Metepreter. 

In most cases you will see MS say the bug "could" allow remote code execution.  This does not necessarily mean you will gain remote access, but you can use the exploit to drop code that will allow you remote access.

Like cd1zz says, sometimes you need to take a step back and look at things as a whole.  An excellent book to take a look at is Professional Penetration Testing.  It goes into a bit about some tools but what it ultimately provides is great insight on the pen testing process.  It also has a number of challenges that use WebGoat, De-Ice vms and Hackedermia. 

Preestar check out my PenTest video where I attack a client using an outdated version of Internet Explorer in order to compromise the machine and eventually the rest of the network.

~TheXero

Nice video TheXero clearly you remember all of the payloads, commands and their uses off by heart lol whereas I hae no idea what any of that stuff means. Therefor I need to do some reading.

I wouldnt know where to begin to crack something with no scripts or hacking programs ect

Yeah...  The ability to write scripts is important, and will come with time and experience.  Just make sure, as I'd noted in the one other thread, today, that you also spend time on the existing tools (NMAP comes to mind, but all tools in general,) learning how to use them, what they do "under the covers" (not just run this to get 'xyz' result,) and really get familiar with them.  Even the best still rely on existing tools, too.  The difference is in the level of understanding, around those tools.

Videos help.  Books help.  Professional networking helps (meeting like-minded IT-security pro's, like those of us at EH-net, who will openly discuss with you, and teach you.)  Get yourself into a mindset that "This is what I want, so I will wholeheartedly pursue learning and growth." 

You WILL reach new levels.  Just stay focused.