During the penetration test, sometimes the RDP port is not under 3389. At this time, you can execute the following command on the command line to obtain the RDP port:
REG query HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server\WinStations\RDP-Tcp /v PortNumber
Then use a calculator to convert hexadecimal to decimal: