Like sojourner said, first step is to use aircrack-ng to get into their wireless network, then sniff the packets coming from their computer. However, Hotmail uses SSL (https). So even if you do capture the network traffic, you won't be able to decrypt his password without Hotmail's private key (which you won't be able to get). One of the ways I can think of for getting his Hotmail password is to set up a keylogger on his computer. Social engineering will come in handy here. Another option would be to set up your own Hotmail spoof site. Host this on your laptop using Apache, then change the HOSTS file on his computer to redirect hotmail.com to your laptop's IP (this is after using aircrack to get into his network). Finally, you could just social engineer the password from him, no Wi-Fi hacking required. Remeber that you don't necessarily have to social engineer the password itself, the answer to his recovery question is going to be sufficient. It's a lot easier to ask someone "What was your favourite teacher's name?" than "What's your Hotmail password?". I believe Hotmail also requires their postal code, which shouldn't be too hard to get.