The RHOST IP should be the victim machine's IP ie x.x.x.67. RHOST is remote host, not local.

Steve.

SOOO sorry guys i typed ip address places wrongly so here is thwecorrect info:

Attacker Machine: Bactrack 5 R2 Gnome
      IP Address: 192.168.137.67
Victem's Machine: Windows XP SP 3
      IP Address: 192.168.137.165

i modified the first post too so you can check it too

i really dont know what is my problem everything seems to be ok help me pls

ok unicityd  so you think which SP of windows xp is vulnerable?
and which msf exploit is compatible with Windows XP SP3?

Hi cyber.spirit

I guess you go through Viveks Videos on Metasploit, right?!

As far as I know the RPC-dcom exploit has been patched in SP1 or 2 ...not 100% sure at the moment.

However, the exploit will definately work with an unpatched Win XP - so no SPs (I tested that). Also make sure to disable any (Windows-) firewall.

who on earth will be using XP with no SPs and with a disabled firewall lol, even if the exploit worked, what's the point of getting access to a host threw that exploit whithout knowing what is really happening at the back end and how does these exploits exactly work.

Subscribe to the Bugtraq and Full-Disclosure mailing lists.  They are used for reporting and discussing new vulnerabilities.  Unfortunately, any tool/exploit you see announced there won't work for long on any system that is kept up to date. 

If you want to have something reliable that is going to work on a fully patched system, then you either need to write your own exploits and keep them secret or find someone willing to share their zero-days with you (not likely unless you're paying).

There's nothing wrong with playing with a completely unpatched system to test out a tool like Metasploit to learn how it works, but you don't need to learn the exploits themselves.  Exploits have a short shelf life.  MS03-026 is from 2003 (hence MS03); it's ancient.

If you want to target Windows XP SP3 systems, your best bet is to use exploits targeting applications like Acrobat or Flash.  Those are less likely to be up to date.  Of course, you'll have to find some way to get the user to run the exploit.

You should probably look for some of the other getting started threads on this site and follow the suggestions for reading/learning/experimenting.  You need to build up a skill set rather than looking for a magic bullet.  Occasionally a magic bullet does come along, but they don't last. 

By no way am I a metasploit expert.  But as with all pen testing, just because a scan says something might be vulnerable, doesn't make it so.  Metasploit does have the ability to do a quick check but it will be basing it on a few factors.  open ports, responses received and version of software will contain some of these clues to the system being exploitable.  But, information could be wrong or you may not be getting the full story.  Part of your learning should be to read up on the vulnerability reports for the systems.  You can subscribe to Microsoft's security bulletins as well as keep your eyes on Bugtraq like unicityd recommended.  If you run an nmap scan against the target and it comes back saying it is Win XP SP3 then look through your lists to see what it might be vulnerable to.  Remember, extended support ends soon so security patches will become limited soon.

I am sure you are now wondering about developing your own exploits.  Well if you have some decent assembly knowledge, that will be your language of choice to reverse engineer the kernel libraries in Windows.  There are some courses that cover this as well as some books out there.  You will need to get comfortable with Assembly to make decent exploits and find 0-days.  And assembly is a frigid cow of a language   definitely not as warm and fuzzy as Python or Ruby   But it can unlock a wealth of information from systems if you can navigate the dump.  Another tool that will be helpful is the Windows SDK, with some fun virtual serial ports you can connect to a system and run the debugger against it to see all the goings on and even send commands to it to see what breaks or how it behaves.

As for ZeroOne, you would be surprised how many legit copies of XP are still running around without the latest patches and service packs.  And as I said before Microsoft will be ending support:
http://windows.microsoft.com/en-us/windows/help/end-support
Granted those with XP SP3 are good until 2014.  But that gives big organizations and enterprises enough time to roll-out Windows 7 in a non-holy-shit-we-gotta-move manner.  It is also sad to know that there are still Windows 2000 and NT4 servers out there in production. 

On final note, any new testers out there should be looking toward Windows 7, 8 and Server 2008.  If you are in school, by the time you get out, those will be the primary systems out there.  Always keep your mind on what will be out there when you graduate.

Ok, probably more than you needed.  But hopefully you find it helpful.