How to decrypt hash in Joomla?

I learn Joomla vulnerabilities and I know that Joomla keeps passwords in crypted format:
md5($pass.$salt). How to get value of $salt? I think if I found it out, I can decrypt the password. Has another ways to decrypt it? Thanks.


Here is a forum post that explores decryption and location of salt:

Further read this topic, I think they have upgraded security for new versions.

Finally md5 is a one way hash so decoding it is like guesswork and not exactly decryption.