Network Penetration Testing - Gaining Access

So far in this book, we haven't needed to connect to a network for anything. In this chapter, as we take a step toward learning network penetration testing, we will connect to a network. This will allow us to launch more powerful attacks and get more accurate information. If a network doesn't use encryption (in other words, if it's an open wireless network), we can connect to it and sniff out unencrypted data. If a network is wired, we can still try to connect to it, perhaps by changing our MAC address. The main issue we might encounter is a network using encryption (such as WEP, WPA, or WPA2). If we do encounter encrypted data, we need to know the key to decrypt it; obtaining that key is the main purpose of this chapter.

If your target network uses some sort of encryption, you can't really get anywhere unless you decrypt it. In this chapter, we will discuss how to decrypt WEP, WPA, and WPA2 encryption.

This chapter will cover the following topics:

  • WEP theory
  • Basic WEP cracking
  • Fake authentication attack
  • ARP request replay
  • WPA introduction
  • WPA cracking
  • Handshake theory
  • Capturing handshakes
  • Creating wordlists
  • Wordlist cracking
  • Securing the network from attacks