Aircrack/Cracking
From charlesreid1
The Basics
Cracking a WPA passphrase with aircrack-ng is pretty simple, as long as the passphrase is in the wordlist you feed it.
$ aircrack-ng -w my_wordlist.txt my_capfile.cap
The Tricks
The tricks are all related to how you pick your wordlist.
Generating Raw Wordlists
You can create a raw wordlist using Cewl. You feed it a URL, it crawls the page, and it builds wordlists from the result. Be patient and choose your max depth wisely.
More information on basic usage of Cewl: Cewl
More on processing the output of Cewl to make wordlists more useful: Cewl/Wordlists
Obtaining Password Lists
It's always worthwhile to check the easy passwords, like '12345678' and 'password', to potentially save yourself a lot of time. Lists of common passwords are available on the web, but one good one I like is SecLists on GitHub: https://github.com/danielmiessler/SecLists
Generating Passwords
John the Ripper is an excellent password cracker, but it is also good at generating passwords from wordlists. You can use some canned command-line options to make it try no variations, some variations, or go hog wild, but you can also be more precise and give it rules for things to try.
The wordlists generated by Cewl are useful to feed to John the Ripper to come up with longer lists of passwords to try.
Notes on generating passwords from wordlists with John the Ripper: John the Ripper/Password Generation
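The same facts work as a self-check for a network you run: a passphrase is exposed to this approach if it is in the wordlist or is a simple variation of a word in it. The Python below is an added example, not code from the original page; the sample wordlist is constructed, and the normalization rules (strip digit and punctuation affixes, undo common character substitutions) are assumptions for illustration, not John the Ripper's rule set.

```python
import string

WPA_MIN, WPA_MAX = 8, 63  # WPA/WPA2-PSK passphrase length limits

# Constructed sample standing in for a Cewl crawl or a common-password list.
SAMPLE_WORDLIST = ["password", "12345678", "sunnyvale", "Riverside", "coffee"]

# Assumed substitution table for illustration (not John the Ripper's rules).
UNLEET = str.maketrans("0134$@57", "oieasast")
AFFIX_CHARS = string.digits + string.punctuation


def base_forms(passphrase):
    """Reduce a passphrase to the plain words a rule-based generator could start from."""
    lowered = passphrase.lower()
    stripped = lowered.strip(AFFIX_CHARS)  # drop affixes such as "2024!"
    forms = {lowered, stripped, lowered.translate(UNLEET), stripped.translate(UNLEET)}
    return {f for f in forms if f}


def audit(passphrase, wordlist):
    """Return a verdict string for one passphrase against an iterable of words."""
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        return "invalid: WPA passphrases are 8 to 63 characters"
    words = {w.strip() for w in wordlist if w.strip()}
    if passphrase in words:
        return "listed: appears in the wordlist as-is"
    hits = sorted(base_forms(passphrase) & {w.lower() for w in words})
    if hits:
        return f"derivable: simple variation of {hits[0]!r}"
    return "not found: this list and these rules do not reach it"


if __name__ == "__main__":
    for candidate in ["12345678", "Sunnyvale2024!", "P@ssw0rd", "correct horse battery staple"]:
        print(f"{candidate!r:32} {audit(candidate, SAMPLE_WORDLIST)}")
```

`audit` accepts any iterable of lines, so an open wordlist file can be passed directly. A "not found" verdict only covers the list and rules checked, so it is not a measure of passphrase strength.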