How to decrypt hash in Joomla?

Hello!
I learn Joomla vulnerabilities and I know that Joomla keeps passwords in crypted format:
md5($pass.$salt). How to get value of $salt? I think if I found it out, I can decrypt the password. Has another ways to decrypt it? Thanks.

Hey,

Here is a forum post that explores decryption and location of salt: https://forum.joomla.org/viewtopic.php?t=594793

Further read this topic, I think they have upgraded security for new versions. https://stackoverflow.com/questions/17064042/how-do-i-decrypt-and-encrypt-joomla-user-password-for-java-program

Finally md5 is a one way hash so decoding it is like guesswork and not exactly decryption.