PHP Hop | What is Penultimate hop Popping and What is its use?

PHP hop:- Penultimate hop pop could be a perform, performed by certain routers in associate MPLS enabled network (PHP Network).
it refers to the method whereby the outer label of associate MPLS labeled packet is removed by a label switch router (LSR) before the packet is passed to associate adjacent Label Edge Router (LER).
the profit is that the LSR should do a label operation anyway and it does not create a distinction whether or not this ends up in a label swap or POP.
However, for the LER this protects one cycle of label operation.
PHP is penultimate hop hopping (PHP hop) means to take away the label one hop before its destination.
therefore, It refers to the method whereby the outer label of associate MPLS PHP labeled packet is removed
by Label Switch Router (LSR) before the packet is passed to associate adjacent Label Edge Router.
php hop

The Concept of PHP HOP (Penultimate Hop Popping)

The process is vital in an exceedingly Layer three MPLS VPN environment because HOP PHP reduces the load on the LER.
therefore, If this method didn’t happen, the LER PHP routers would be got to perform a minimum of two label inspections:

The outer label, which characteristic that the packet was destined to possess its label stripped on this router.
The inner label, to spot that Virtual PHP Routing and Forwarding (VRF) router instance to use to perform the following IP search.

Introduction php hop

PHP Hop: Massive Network

In the PHP Hop, there’s the massive network, this might lead to a heavily loaded processor within the LER router, reaching unacceptable saturation levels.
furthermore, By having PHP on associate LER router on the LSRs connected to that, therefore, the load is distributed to neighboring routers.
moreover, to avoid this additional work on the preceding (ultimate Popping) latest LSR router, MPLS uses a feature known as PHP ( penultimate hop popping) ( Penultimate merely means that “1 but last”).

so, the penultimate hop isn’t the preceding LSR to method a labeled packet, however the second to last LSR to method a labeled packet.

PHP causes the penultimate-hop LSR to pop the outer label so the last LSR—the final hop if you will—receives a packet that only has the VPN label in it.

therefore, With only this single router label, the egress PE alphabetic character has to search only 1 entry within the LFIB.
MPLS PHP HOP

PHP Hop: Connected To Subnets or Aggregate Routes

Penultimate Hop pop is employed just for directly connected subnets or aggregate routes. within the case of a directly connected interface, Layer three operation is important to get the right next-hop
data for a packet that’s sent toward a directly connected destination.
therefore, If the prefix is an associate mixture (aggregate), a Layer three operation is also necessary to search out an additional specific route that then is employed to route the packet toward.

its correct destination. altogether different cases, the Layer two outward-bound packet data is on
the market inside the LFIB, and, therefore, a Layer three operation isn’t necessary, and
therefore the packet is often label switched.

Explanation:

With penultimate hop pop, the Edge-LSR will request a label pop operation from its upstream neighbors
within the SuperNet network.
the Washington router pops the label from the packet and sends a pure information processing packet
to the big apple router.
Then the big apple router will an easy Layer three operation and forwards the packet to its final
destination Penultimate hop pop is requested through TDP or LDP by employing a special label worth
(1 for TDP, three for LDP). therefore, is also referred to as the implicit-null worth.

once the egress LSR requests penultimate hop pop for Associate in Nursing information processing prefix.
the native LIB entry within the egress LSR and also the remote LIB entry within the upstream LSRs
indicate the imp-null worth and also the LFIB entry within the penultimate LSR indicates a tag pop operation.

PHP Hop: Metasploit

In this formula, you may find out how to use the Windows Meterpreter (Reflective Injection) and
Reverse Hop HTTP/HTTPS Stage payload. This payload permits the United States to tunnel communication
over Associate in Nursing protocol or HTTPS hop purpose. First, we’d like to transfer the hop.php file located in the metasploit framework/data/php/ directory to a far off server.
I’ll use the DigitalOcean driblet created within the previous instruction, however, you’ll use any internet server with PHP.

Getting Ready

root@Metasploit:~# apt install apache2 php7 libapache2-mod-php7

1	root@Metasploit:~# apt install apache2 php7 libapache2-mod-php7

Next, copy hop.php to the /var/www/html/ folder and start the Apache2 service:

root@Metasploit:~# systemctl start apache2

1	root@Metasploit:~# systemctl start apache2

Know How to do it

Note:
Now that we’ve got our PHP Hop prepared, we will use the windows/meterpreter/reverse_hop_http payload and build a binary with that we will compromise the target machine: