The exploitation phase in a penetration test focuses on exploiting the vulnerabilities that have been discovered in the previous stage to establish unauthorised access to a system or resource. This can be done by exploiting weak passwords, out-of-date services, services misconfiguration, incorrect input sanitation...

Once a system is successfully compromised, it is often possible to penetrate more systems because you now have access to more potential targets that were not available before (Post-Exploitation).

Finally, an exploit should be performed only when you are confident that triggering the vulnerability will be successful. Otherwise, you could lead the machine to an inconsistent state, leading to a DoS, corrupting data and getting detected.