Saturday, January 3, 2015

Desktop Linux Password Stealer

Steal someone's Linux password! This is a new add-on (module) in Metasploit.
This Metasploit module steals the password of an administrative user on a desktop Linux system when it is entered to unlock the screen or to perform administrative actions through PolicyKit. It then escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which runs as root, since /etc/shadow is only readable by the root user). Both screensavers (xscreensaver/gnome-screensaver) and PolicyKit use a component running under the current user account to query for the password and then pass it to a setuid-root binary for verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user's own password (and not the root password of the system), stealing the password of an administrative user directly allows escalation to root privileges. Please note that you have to start a handler as a background job before running this exploit, since the exploit only creates a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.
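The last link in the chain above is the sudo policy: because sudo normally accepts the invoking user's own password, any component that can capture a desktop password (screen unlock, PolicyKit prompt) effectively captures a root password too. The script below is an added defensive example, not part of the original post or of the Metasploit module; it audits a sudoers policy for the settings that change this picture. It assumes the real sudoers options `rootpw`, `targetpw`, `runaspw`, `timestamp_timeout` and `NOPASSWD`, and the two sample policies embedded in it are constructed for the demonstration, not taken from any real host.

```python
import re

# Constructed sample policies for demonstration; neither comes from a real host.
WEAK_SUDOERS = """\
Defaults        env_reset
Defaults        timestamp_timeout=15
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL          # admin users authenticate with their own password
alice   ALL=(ALL) NOPASSWD: ALL    # no password at all
"""

HARDENED_SUDOERS = """\
Defaults        env_reset
Defaults        rootpw              # ask for root's password, not the caller's
Defaults        timestamp_timeout=0 # never cache a successful authentication
%sudo   ALL=(ALL:ALL) ALL
"""

# "Defaults", optionally followed by :user, >runas, @host or !cmnd qualifiers
_DEFAULTS_RE = re.compile(r"^Defaults\S*\s+(.*)$")
_TIMEOUT_RE = re.compile(r"^timestamp_timeout\s*=\s*(-?\d+)$")


def parse_sudoers(text):
    """Extract Defaults options and NOPASSWD principals from sudoers text.

    Comments are stripped first; options on one Defaults line are comma-separated.
    """
    options, nopasswd = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _DEFAULTS_RE.match(line)
        if m:
            options.extend(opt.strip() for opt in m.group(1).split(","))
        elif "NOPASSWD:" in line:
            nopasswd.append(line.split()[0])   # user, %group or alias owning the rule
    return options, nopasswd


def audit_sudoers(text):
    """Report whether a stolen user password is, on its own, a root password."""
    options, nopasswd = parse_sudoers(text)
    # Any of these makes sudo ask for a password other than the caller's own.
    requires_root_pw = any(o in ("rootpw", "targetpw", "runaspw") for o in options)
    timeout = None
    for o in options:
        m = _TIMEOUT_RE.match(o)
        if m:
            timeout = int(m.group(1))

    findings = []
    if not requires_root_pw:
        findings.append("HIGH: sudo accepts the invoking user's own password; "
                        "a password captured at the screen lock or PolicyKit prompt "
                        "is also a root password")
    for principal in nopasswd:
        findings.append(f"HIGH: {principal} has a NOPASSWD rule; "
                        "compromising the account alone grants root")
    if timeout is None or timeout != 0:
        shown = "default" if timeout is None else str(timeout)
        findings.append(f"MEDIUM: sudo caches credentials (timestamp_timeout {shown}); "
                        "a compromised session can reuse a recent authentication")
    return {
        "requires_root_password": requires_root_pw,
        "nopasswd_entries": nopasswd,
        "timestamp_timeout": timeout,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        print(f"== {name} ==")
        for finding in audit_sudoers(policy)["findings"]:
            print("  ", finding)
```

Note the limits of this check: `Defaults rootpw` breaks the "user password equals root password" shortcut the post relies on, but it does nothing about the underlying weakness (the unlock and PolicyKit dialogs still run as the user), and an administrator who is still allowed to authorise PolicyKit actions with the same password keeps that exposure. Run the audit on the output of `sudo -l` or on a copy of /etc/sudoers and its includes, and treat the `parse_sudoers` helper as intentionally simple: it does not resolve aliases or `@include` directives.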
