# Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
Since **PostgreSQL 9.1**, installation of additional modules is simple. [Registered extensions like `dblink`](https://www.postgresql.org/docs/current/contrib.html) can be installed with [`CREATE EXTENSION`](https://www.postgresql.org/docs/current/sql-createextension.html):
```sql
CREATE EXTENSION dblink;
```
Once you have dblink loaded you could be able to perform some interesting tricks:
The file `pg_hba.conf` could be bad configured **allowing connections **from **localhost as any user **without needing to know the password. This file could be typically found in `/etc/postgresql/12/main/pg_hba.conf` and a bad configuration looks like:
In this case and if the **`dblink`** function is **working**, you could **escalate privileges **by connecting to the database through an already established connection and access data shouldn't be able to access:
Abusing `dblink_connect` you could also** search open ports**. If that **function doesn't work you should try to use `dblink_connect_u()` **as the documentation says that _`dblink_connect_u()` is identical to `dblink_connect()`, except that it will allow non-superusers to connect using any authentication method_.