Depends on the encryption of the wifi. If it’s WEP, then its generally fairly easy to crack using Aircrack-ng. However, WPA/WPA2 two will need to be forced with the following methods, these are just a few to keep in mind:
-The evil twin method: Launch a DOS (via De-auth requests) against one of the registered computers on the targeted wifi network, forcing the user to be disconnected. From there, set up your own little honeypot with the same ESSID & BSSID as the other wifi network and try to effectively trick the person to try logging in to your connection. At that point you’ll see the password that was entered through the other computer’s attempted access. From there you could alse allow the user on and let the honey-potting begin! 🙂
-Bruteforce via Aircrack-ng by capturing a WPA/WPA2 handshake from the targeted wifi by de-authing a user on the network, and then waiting for the re-connection reply sent. From there take the capture file, and crack the password via wordlist or Charlist. (Takes the most time, however more likely to have success if you have enough patience to wait that long for results.)
-WPS-PSK pin cracking – basically trying random combinations of pin numbers until the right one is found. A good program for this is REAVER, if you don’t want to do it manually.
These are common methods; however, there are many more.
-To perform these attacks I recommend the Aircrack-ng package and Wireshark programs.
Another Way :
Use Dsploit, aircrack-ng 411 (kali linux), create a network map, then use bluejack to get cold-storage passwords for WEP, or WPA enterprise.
If it’s as simple as WPA, WPA-2, you can use airmon-ng.
If you’re really, really good, you can do the same as me, & load all these items into a phone.
It requires a rooting, which may take a few hours, but considering phones have AWFUL antennas for wifi listening, don’t expect to get much information without using a bluejacking.
FINAL WAY…Just kidding, but somewhat true:
Foolproof methods:
~Hold a loaded gun to the homeowners head and ask for the wifi password.
Less foolproof but almost there:
~Wait until he is gone, go into his house, get on his PC.
Follow the instructions from superuser to show the characaters of the WIFI password assuming his computer is connected to it:
“In the computer that can connect to the network, type Manage wireless networks into the start menu search. Right click on the properties for the network you want and click Properties. In the security tab you should see an option to Show characters.
This will reveal your WiFi password that computer remembers.”
source: https://superuser.com/questions/424624/is-the-wifi-password-stored-somewhere-in-windows-7
I haven’t tested this myself, but it seems like it would work.
Difficult:
~Use a program like Aircrack-ng, or attempt to hack the router.
CONCLUSION: These methods take serious effort or risk, and the reality is that it just makes more sense to pay a few dollars a month for a portable wifi hotspot (about the same cost per month as a burner phone), get the service from an ISP that price gouges your area, or to go to the nearest cheap hotel and sit in the parking lot. If it was so easy, everyone would do it.