Cracking WPA and WPA2 encryption are certainly within the realm of most any penetration testing statement of work. Other places we will encounter passwords will require different tools and techniques, so this seems like a great time to discuss our options and potential approaches. In each of these, we will need to consider both how we capture the information, and what we apply to that information to extract the credentials or passwords we will need to further exploit our targets.

Capture methods vary greatly based on the medium (wired, wireless), the test box's placement (inline, promiscuous, remote) and the vector (web, e-mail, application, and so on). Several of the capture methods are discussed in the following ...