Vulnarex | Elite Cybersecurity Learning Platform

#IP Addressing and Subnetting for Hackers#link

Understanding IP addressing is like understanding street addresses — without it, you cannot find your target, scope your engagement, or navigate a network during a penetration test. In this lesson, we will cover IPv4 addressing, subnet masks, CIDR notation, and the address ranges that matter most in offensive security.

IPv4 Address Structure

An IPv4 address is a 32-bit number, typically written in dotted-decimal notation (e.g., 192.168.1.100). Each octet represents 8 bits, so the range of each octet is 0–255. The address is divided into two parts: the network portion (which identifies the network) and the host portion (which identifies the specific device). The subnet mask determines where the division falls.

text

Example: 192.168.1.100 / 255.255.255.0

Binary IP:    11000000.10101000.00000001.01100100  (192.168.1.100)
Binary Mask:  11111111.11111111.11111111.00000000  (255.255.255.0)
              ─────────────────────────────────
Network:      11000000.10101000.00000001.00000000  (192.168.1.0)
Host:                                    .01100100  (100)

CIDR Notation: 192.168.1.100/24

Private vs. Public IP Addresses

Not all IP addresses are routable on the public internet. RFC 1918 defines private address ranges used internally by organizations. During a penetration test, you will almost always encounter these ranges inside the target network.

Class	Private Range	CIDR	Number of Hosts
A	10.0.0.0 – 10.255.255.255	10.0.0.0/8	16,777,214
B	172.16.0.0 – 172.31.255.255	172.16.0.0/12	1,048,574
C	192.168.0.0 – 192.168.255.255	192.168.0.0/16	65,534

info

💡 The 10.0.0.0/8 range is extremely common in large enterprises. If you compromise a host with an IP in the 10.x.x.x range, you are likely inside a substantial internal network with many potential targets.

CIDR Notation and Subnetting

CIDR (Classless Inter-Domain Routing) notation is a compact way to express the subnet mask. The number after the slash indicates how many bits are set to 1 in the subnet mask. For example, /24 means the first 24 bits are the network portion (equivalent to 255.255.255.0).

CIDR	Subnet Mask	Total Usable Hosts
/32	255.255.255.255	1 (single host)
/30	255.255.255.252	2
/28	255.255.255.240	14
/24	255.255.255.0	254
/16	255.255.0.0	65,534
/8	255.0.0.0	16,777,214

Quick Subnet Calculation for Hackers

During a pentest, you often need to quickly determine the network range of a target. Here is a practical approach using your Kali machine:

Determine Your Network Range

root@vulnarex:~#ip route | grep default

Get Full Network Info

root@vulnarex:~#ip addr show eth0

Special Addresses to Know

▪127.0.0.1 — Loopback (localhost). Services bound only to this address are not accessible from the network.
▪0.0.0.0 — Represents 'all interfaces' or 'any address.' Often used in routing tables.
▪255.255.255.255 — Limited broadcast address. Packets sent here reach all hosts on the local segment.
▪169.254.x.x — Link-local (APIPA). Assigned when DHCP fails. Seeing these may indicate network misconfiguration.

callout

When scoping a penetration test, always confirm the target IP ranges in writing. Scanning the wrong subnet — especially in cloud environments where you might not know who owns neighboring IPs — can have serious legal consequences.

quiz BLOCK (★ 50 XP)

You discover a compromised host with IP 172.16.5.50/12. What is the network range you should investigate for lateral movement?

Select your proof vectors above