i really have no more idea about this mission
the vulnerability of the code is that eval might run the code more than once...
for example first $y is changed with it's contents then again eval("\$getit = xxx;") will be executed
the fact is that there's a bunch of possible things can be entered here.. some cases:
1: `/etc/bin/moo`
which is the shortest possible and will put answer to getit
2: "";echo `/etc/bin/moo`
3: 0;exec('etc/bin/moo')
4: 0;system('etc/bin/moo')
5: 0;passthru('etc/bin/moo')
6: 0;pcntl_exec('etc/bin/moo')
all of them can be used with double quotes too.. all of them can be assigned to getit else of using semi-colon to close the first statement...
i have used all possible things... but the question is: AM I SUPPOSED TO DO BRUTEFOCE to pass this fucking mission??
unfortunately these days HTS has changed it's path... it has become more a logic site than a hack related site...

FUCK