Active exploitation is the process of executing exploit code against a live target system — moving from identifying a vulnerability to actually gaining access or demonstrating impact.
Always verify the exact OS/version before running exploits — wrong exploit can crash services (especially for critical infrastructure pen tests). Have a rollback plan. Document every exploit attempt (success or failure) with timestamps and evidence. Never exceed authorized scope.