/bluekeep_CVE-2019-0708_poc_to_exploit

Porting BlueKeep PoC from @Ekultek to actual exploits

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

The shellcode is working. However, you have to generate your own and customize it to suit your needs. This is not an off-the-shelf exploit that you can just grab and try out.

The shellcode in this example was generated using Magic Unicorn from TrustedSec: https://github.com/trustedsec/unicorn

The response should look like the following:

[ + ] <socket.socket fd=3, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('192.168.137.1', 64251), raddr=('192.168.137.201', 3389)>

laddr (aka lhost in Metasploit) is the IP that it will connect back to. However, as noted above, this is just an example. You should write your own shellcode to suit your setup.