Yep - not to self-promote too much, but I answered it here:
https://security.stackexchange.com/a/171922/6203
The key concept is that the salt is actually part of the password, so you're trying to crack part of the password when you know part of it. So the attack just needs to match the pattern of how the salt is added to the hash. If it's in hashalt form, you're literally attacking it as if you're trying to find "hashcat:XXXX" where XXXX is the salt.
Much easier if you know the expected salt length and character composition. And still subject to the same restrictions as normal attacks - if you know the salt is long and random, it'll be just as hard (or impossible) as if you were attacking a password that was that long and random, etc.
And as always. you can validate your methodology by trying it against a known (synthetic) target first.
https://security.stackexchange.com/a/171922/6203
The key concept is that the salt is actually part of the password, so you're trying to crack part of the password when you know part of it. So the attack just needs to match the pattern of how the salt is added to the hash. If it's in hashalt form, you're literally attacking it as if you're trying to find "hashcat:XXXX" where XXXX is the salt.
Much easier if you know the expected salt length and character composition. And still subject to the same restrictions as normal attacks - if you know the salt is long and random, it'll be just as hard (or impossible) as if you were attacking a password that was that long and random, etc.
And as always. you can validate your methodology by trying it against a known (synthetic) target first.
~