-1

So, here's my attempt at hacking my home network using wifite:

http://i1381.photobucket.com/albums/ah219/theabominablefox/firstHomeWifiAttempt_zpsiwdu16ap.png

Yes I do have permission from my own family to hack a device on my own home network with the owner's permission. That said, I want to gain access to the network key even though I already have it for penetration testing purposes.

Wifite is a script that runs other programs, right? I can find the clients' MAC addresses occasionally on my home network, but after that the attack always seems to fail. For some attacks it doesn't fail, but I set the timer for all night and it takes all night, right? I get up and it's still going, whether or not I found MAC addresses. What the fark?! I set it for 18000 seconds, which is five hours. When I wake up the next morning it hasn't cracked anything and I would move on to the next attack but then class starts. Should I give it a longer time if I'm trying to test my home network?

My other question (I know it is but just in case), is cracking my own home network, with my family's (the owners of the network) permission illegal? Should I stop doing what I'm doing before I make it work?

1
  • It seems like you have put some study into wifi penetration, which might gain you access to the network, but attacking a device is somewhat different. I'd recommend starting with nmap to identify the services on your device. Then you would research how to attack implementations of those services. Commented Nov 1, 2015 at 6:35

1 Answer

0

I'm going to respond to your Title primarily, because it is the most concrete question in your post.

"Connections" don't really exist at Layer 2 (Wi-Fi/Ethernet/etc.), so you "connect" to a device simply by sending it a frame configured such that it understands what the frame is for, and what to do in response to it. If it wants to, it may send you one back. In other words, Layer 2 doesn't know what "conversations" are, just individual statements. The closest it comes to connections as TCP knows them is fragmented frame reassembly.

So, you can send a message to another host from its MAC address, but you have to send one it can process. DHCP and ARP requests are examples of such frames.

If you wish to exchange messages with the device over IP and all you know is its MAC, then you will have to use ARP to resolve its IP address. Then you have enough information to send it IP packets, and access TCP/UDP/ICMP services running on that device. nmap/zenmap are good tools for enumerating information about a device, including running services.

As for your desire to monitor the device's web traffic, you will want to look into network sniffing. The micro-segmented design common in modern networks, however, will make this difficult, as will Wi-Fi encryption, so your first round of attacks will have to be on the network architecture, such that it makes the traffic to and from the device visible to you. In traditional wired Ethernet scenarios, ARP attacks like floods and L2 MITM attacks were used for this purpose.

Network services on devices only send data for a reason, so unless a service has reason to send a list of its files to another host, it won't do so, and you won't be able to observe the traffic. At that point you will have to start attacking the network services running on the device in an attempt to get them to function for you, or malfunction in a way you want. This process is going to vary from device to device and service to service (and even with version and patch level) so a great deal of study will be required for each service you want to attack. Many devices will provide so little surface area for attack, that there is just nothing you can do to them without resorting to social engineering.

1
  • Thanks. That helps. I'll edit to make it more concrete. My family gave me permission to pentest my home network for learning and I want to be able to hack one of the devices.
    – mace
    Commented Nov 1, 2015 at 21:47
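As an added illustration of the ARP step described in the answer above (not code from the original post): a parser for Ethernet/IPv4 ARP frames that recovers the IP address a known MAC announces in its ARP replies. The function names and the sample frames are constructed for this example; the MACs use the locally administered `02:` prefix and the IPs are from a private range.

```python
import struct

def norm_mac(mac):
    """Normalise 'AA-BB-..', 'aa:bb:..' or bare hex to lowercase colon form."""
    hexd = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexd) != 12 or any(c not in "0123456789abcdef" for c in hexd):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexd[i:i + 2] for i in range(0, 12, 2))

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:   # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    sha, spa = frame[22:28], frame[28:32]    # sender hardware / protocol address
    return oper, norm_mac(sha.hex()), ".".join(str(b) for b in spa)

def ip_for_mac(frames, mac):
    """Latest sender IP announced by `mac` in ARP replies (opcode 2), or None."""
    want, found = norm_mac(mac), None
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == 2 and parsed[1] == want:
            found = parsed[2]
    return found

def _arp(oper, sha, spa, tha, tpa, dst):
    """Build one constructed sample frame (helper for the sample data only)."""
    mb = lambda m: bytes.fromhex(norm_mac(m).replace(":", ""))
    ib = lambda ip: bytes(int(x) for x in ip.split("."))
    eth = mb(dst) + mb(sha) + struct.pack("!H", 0x0806)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + body + mb(sha) + ib(spa) + mb(tha) + ib(tpa)

# Constructed capture: a who-has request, the matching reply, and a truncated frame.
SAMPLE = [
    _arp(1, "02:00:00:00:00:01", "192.168.1.10",
         "00:00:00:00:00:00", "192.168.1.23", "ff:ff:ff:ff:ff:ff"),
    _arp(2, "02:00:00:00:00:23", "192.168.1.23",
         "02:00:00:00:00:01", "192.168.1.10", "02:00:00:00:00:01"),
    b"\x00" * 20,
]
```

Only replies are trusted as a MAC-to-IP binding here, so the host that merely sent the request is not resolved.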
