Most of the steps are the same, except instead of sending an URL as the oauth_callback to request_token, you should just send the value “oob”. From https://dev.twitter.com/docs/auth/oauth#oob:
out of band mode - Instead of providing a URL-based callback when acquiring a request token, “oob” is supplied. Once the user has given Twitter their account credentials, they are presented with a screen containing a PIN code and are asked to enter this code into the application. The application then sends this PIN as an oauth_verifier to the access token step to complete the exchange.
Your application will still generate the authorization endpoint URL and ask the user to visit it (either by printing the URL or running a system command to open a web browser to the specified location) at which point the user will be shown a PIN code they should enter into your application. The rest of the flow is pretty much the same.