First try with descriptions and hints below, then check out the scripts.
It is the simplest command injection. Just escape ' and run commands.
Cmd injection with blacklist. Use \ for " escape and run ./get_flag binary with proper argument and std input.
SQL injection in Django REST framework. Find correct CVE and read password and username columns from auth_user where ID=3.
Blind sql injection. Read about it and bruteforce encrypted flag char-by-char (one at time). Preferably using binary search. Then decrypt the flag using /captcha endpoint.
Template injection. Find a way to get back results of the system("") call. For example use reverse-shell.