I keep seeing, time and time again, people asking on various forums whether or not cracking WPA without a wireless client was possible. It pained me to see that the majority of responses indicated that it was not possible, so I decided to write a PoC that would demonstrate that it was possible (although not exactly practical). My motivation was based around the fact that the information getting posted wasn't exactly accurate. Possible? Yes. But not easy.

I'm not posting it here to get on a high horse or anything, just for those who may be interested.

The current script is a simple bash wrapper around the wpa_supplicant and wpa_cli tools, which I smashed together in an evening. I'm sure a much more efficient tool could be created, perhaps based on pylorcon2. But that's for another day.

http://wi-fu.co.uk/wi-fi/wpa-attacks...reless-clients