My question is: If the host's internet connection is trough router, how can i scan this host and later do penetration test?
"The goal of every man should be to continue living even after he can no longer draw breath."
You have to get the key from the Keymaster. Then present it to the Gatekeeper at the gateway.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
The easiest way to get a good connection with your neighbours wireless is to go round to his house, knock on the door, politely explain that you are trying to steal his internet connection, and then bend over, and ask him to shove the router where the sun dont shine.
Then you've managed to access his router with a completely new type of 'crack'
There's no way to configure the target's router externally unless the routers configuration is really stupid (Allowing anyone to remote control and having default creds).
In short, take the advice of those above me. If you've gone so far as to set up a lab which you actually have permission to do this on you'd likely not be asking this question.
Wow! I'm speechless at the idiocy of this post