Yeah I'm starting to think that may be my only option... especially if the router is the actiontec one I think it is, the password is going to be like 16-digits long as the default. I'll look into the attack and see what I can do... maybe I'll say something along the lines of "A router firmware update has been downloaded. Please enter your wireless password below to authorize installation." if I decide to do it. I'm still on the fence as to whether I really want to chance messing with them this much when I live right next to them...
There is an MDK3 attack that allows you to deauthenticate them repeatly until they downgrade their encryption standards to WEP. However, this requires social engineering. Like, "Hey Bob, have you had some issues with your internet? I had, but I fixed it by downgrading the encryption to WEP." He responds, "Yes. Can you show me how to fix it?" You say, "Sure!", then just downgrade the encryption and bam! You got access after decrypting the WEP key.
The Evil Twin attack can be difficult to pull as you need to write up a custom HTML file that resembles the router. However, if he's not tech savvy, you might just write up something very basic, he'll most likely fall for it.
Also, if you are willing to try to crack it, try using rainbow tables. Research more on it if you aren't familiar.
Edit: Once your in, and you want data, remember to use SSLSTRIP to decrypt the encryption mechanism of sites using HTTPS, or you wont be able to capture it. Most sites use TLS now, but some are still vulnerable, including Yahoo, MSN, etc. Or use Armitage to break into the devices on the network by automatically having Armitage exploit them for you.
