If /etc/passwd has weak permissions, then passwords in it can be replaced (since Linux systems still use the password hashes in /etc/passwd preferentially to those in /etc/shadow). This means that we can just directly add root-equivalent users directly there (remember that the UID and primary GID can be duplicated!).
To generate a password acceptable for inclusion in /etc/passwd:
openssl passwd -1 -salt $SALT $PASSWORD