The exploit can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-5689.
First we scan the client to check if 16992 is open.
Once identified, we can query the port to make sure it is Intels AMT:
The exploit is to do with POST requests for the login credentials. Sending a blank response, should allow you to bypass the login if the version is exploitable.
You can use tools such as Burp suite in order to intercept the traffic and change the response. You just need to remove, the highlighted text. so that it reads…. Response=””
Once in, you should be able to have some fun. You will have access to create user accounts (Back door) or to change the systems behavior. You might also be able to setup a remote session as seen here: https://www.prajwaldesai.com/control-remote-computers-using-intel-amt/
The worrying thing being that some of these are exposed to the internet, even today: