IP needs to be accessible from the victim (should be the IP of the machine that runs the exploit)

Demo