Ten, twelve years ago this exploit was the shit. I was in the military at the time and used Backtrack r5 lots while traveling around to get internet when I didn’t have access. All it has to do is guess a 4 digit code and a 3 digit code separately, once you hit success on the WPA PIN you get the SSID and password. Takes a couple hours if it’s not a default PIN IIRC. Coolest script kiddie thing I did since sending Sub7 to people back in the early 00s.
These days I don’t really bother. You might be able to pull it off on some really old hardware which does exist, but anyone who got a router in the past 6-8 years likely wouldn’t be susceptible. Might as well try exploiting your own router just to see.
Just do the cheap unlimited personal plan and hook up a shit load of external HDDs to your PC. I have a system where my NAS syncs to my PC which syncs to Backblaze so I can sorta hack my way into unlimited NAS backup for $10/mo.
3-2-1 backup where the primary source of data is the NAS, on site backup is desktop PC external HDDs, off site backup is Backblaze.