Hashcat
What is hashcat ?, is a great tool, is a advanced password recovery tool :). Everything what you need you can find here https://hashcat.net/hashcat/
Short story
During penetration testing I was able to find user name admin and password hash 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6 with salt szalek. It was quite easy to figure out, that system was create base on Open Source Software. I was able to find a piece of code that generate password.
Now we have everything but we don't have plain text password, we have all the pieces of the puzzle and we have hashcat.
What we have to do ?
That part is quite easy, first, you have to have is a list of passwords. Under those links you will find dumps form various leaks. link 1 and link 2
Hashcat time
First you have to create file hash_to_crack.txt with one line 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek as you see here we have hash and salt sepereate by colon if you are ready please execut this. (-m 110 mean SHA-1 more about hash mode)
in this case it will take a secend to restore your password....
Dictionary cache built:
\* Filename..: rockyou.txt
\* Passwords.: 14344391
\* Bytes.....: 139921497
\* Keyspace..: 14343296
\* Runtime...: 1 sec
41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek:123456
Session..........: hashcat
Status...........: Cracked
Hash.Type........: sha1($pass.$salt)
Hash.Target......: 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek
Time.Started.....: Sat Dec 30 23:45:31 2017 (0 secs)
Time.Estimated...: Sat Dec 30 23:45:31 2017 (0 secs)
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 6501.6 kH/s (1.05ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 8192/14343296 (0.06%)
Rejected.........: 0/8192 (0.00%)
Restore.Point....: 0/14343296 (0.00%)
Candidates.#1....: 123456 -> total90
HWMon.Dev.#1.....: N/A