Furrow
Assess the YieldPulse precision agriculture platform. Register an operator account, explore the API, and follow the data wherever it leads.
The Scenario
YieldPulse is a precision agriculture SaaS platform serving farm operators across the Midwest.
You've been handed a scope document covering their public-facing infrastructure. Create an
operator account and start exploring — the agronomist-tier features are locked, but the
access controls may not be as solid as the marketing page suggests.
Lab Intel
Synopsis
A multi-service agriculture platform with a chain of vulnerabilities spanning JWT handling, SQL injection, token forgery, and a WebSocket authorization bypass. Each step unlocks the next.
Architecture
A medium-difficulty lab built around realistic authentication and authorization flaws. The attack chain crosses three subdomains and two transport protocols.
Who It's For
Pentesters comfortable with web fundamentals who want to practice chaining vulnerabilities across services and protocols.
Skills You'll Practice
- JWT analysis and forgery
- SQL injection (error-based and UNION-based)
- API enumeration and role-based access testing
- WebSocket protocol analysis
- IDOR exploitation
What You'll Gain
- Understand how the JWT "kid" (key ID) header field can become an injection point
- Learn to chain vulnerabilities across multiple services and subdomains
- Recognize when HTTP authorization controls don't extend to WebSocket handlers
- Practice pivoting through application data to discover new attack surfaces