Instead, I added a UNC path to a fake share on my system, and the system graciously handed me the hash from the account that JBoss was configured to run as.
First, make sure you have access to the jmx-console:
Next find "jboss.deployment:"
If it works, you should immediately see your hash come across in your fake SMB server:
There you go! A fresh hash for your cracking pleasure.