Well AFAIK Webmin sessions could be sniffed locally unless SSL is being used, since its a default install it may be using SSL with the default Webmin certificate which is not a true SSL certificate and could be forged or stolen. If they are not using the default cert you could try attacking SSL itself, not sure if any of the recent vulns would be useful for this but you could start there.

-Maestr0