One Day Sec

How do you capture and crack a Net-NTLMv1 hash using Wireshark and Hashcat?

First, enable Net‑NTLMv1 on the client by setting `lmcompatibilitylevel` to 0 in the registry. After capturing the NTLM authentication with Wireshark, extract the Challenge (8 bytes) from the server’s response and the LM Response and NTLM Response from the client’s response. Format the data as `username::hostname:LM response:NTLM response:challenge` and use Hashcat with `-m 5500` for dictionary cracking. For example: `hashcat -m 5500 log1::WIN-BH7SVRRDGVA:fec9b082080e34ba...:51acb9f9909f0e3c...:8d2da0f5e21e20ee /tmp/password.list`. This method is detailed in the original article.
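To audit the same capture from the defensive side, the added example below (not from the original article) parses the client's NTLMSSP AUTHENTICATE message and flags Net-NTLMv1 by the 24-byte size of its NTLM response. The function names, the cp437 fallback for non-Unicode strings and the sample response bytes are assumptions constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
FLAG_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE

def _field(msg, pos):
    """Read a (length, max length, offset) descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(msg):
    """Classify an NTLMSSP AUTHENTICATE (type 3) message by its response sizes."""
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE message")
    lm, nt = _field(msg, 12), _field(msg, 20)
    flags = struct.unpack_from("<I", msg, 60)[0]
    # Assumption: non-Unicode (OEM) strings are decoded as cp437.
    enc = "utf-16-le" if flags & FLAG_UNICODE else "cp437"
    user = _field(msg, 36).decode(enc, "replace")
    host = _field(msg, 44).decode(enc, "replace")
    if len(nt) > 24:
        variant = "NTLMv2"  # NTProofStr plus a variable-length blob
    elif len(nt) == 24 and len(lm) == 24 and lm[8:] == bytes(16):
        # LM field carries an 8-byte client nonce padded with 16 zero bytes.
        variant = "NTLMv1 with extended session security"
    elif len(nt) == 24:
        variant = "NTLMv1"
    else:
        variant = "unknown"
    return {"user": user, "host": host, "variant": variant,
            "weak": variant.startswith("NTLMv1")}

def build_sample(user, host, lm, nt, flags=FLAG_UNICODE):
    """Constructed test input: a minimal type 3 message with the given responses."""
    parts = [lm, nt, b"", user.encode("utf-16-le"), host.encode("utf-16-le"), b""]
    header, payload, offset = SIGNATURE + struct.pack("<I", 3), b"", 64
    for p in parts:
        header += struct.pack("<HHI", len(p), len(p), offset + len(payload))
        payload += p
    return header + struct.pack("<I", flags) + payload

if __name__ == "__main__":
    sample = build_sample("log1", "WIN-BH7SVRRDGVA", bytes(range(1, 25)), bytes(range(101, 125)))
    print(classify_authenticate(sample))
```

A `weak` result for any host means that client is still answering with Net-NTLMv1, which is the condition the `lmcompatibilitylevel` setting above controls.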