Cracking WPA and WPA2 encryption are certainly within the realm of most any penetration testing statement of work. Other places we will encounter passwords will require different tools and techniques, so this seems like a great time to discuss our options and potential approaches. In each of these, we will need to consider both how we capture the information, and what we apply to that information to extract the credentials or passwords we will need to further exploit our targets.
Capture methods vary greatly based on the medium (wired, wireless), the test box's placement (inline, promiscuous, remote) and the vector (web, e-mail, application, and so on). Several of the capture methods are discussed in the following sections, with Wireshark and Ettercap both having a role, as well as the previously discussed airodump-ng
tool. Each of these tools will provide us with either recorded streams of traffic (captures) or live flows that can be manipulated in real time...