Getting salt from known hash and pass
So if i have say the following hash (example hash from the wiki):

And I know that it uses a salt, and i know the password is 'hashcat', how can I brute-force the salt?

My first thought was to do something like
'hashcat -a 3 -m 20 8743b52063cd84097a65d1633f5c74f5:hashcat'
But I'm not exactly sure this is correct... thoughts?
Yep - not to self-promote too much, but I answered it here:

The key concept is that the salt is actually part of the password, so you're trying to crack part of the password when you know part of it. So the attack just needs to match the pattern of how the salt is added to the hash. If it's in hashConfusedalt form, you're literally attacking it as if you're trying to find "hashcat:XXXX" where XXXX is the salt.

Much easier if you know the expected salt length and character composition. And still subject to the same restrictions as normal attacks - if you know the salt is long and random, it'll be just as hard (or impossible) as if you were attacking a password that was that long and random, etc.

And as always. you can validate your methodology by trying it against a known (synthetic) target first.