If hashing is one way, why can we decrypt MD5 hashes?

Hashing is not encryption (it is hashing), so we do not "decrypt" MD5 hashes, since they were not "encrypted" in the first place.

Hashing is one-way, but deterministic: hash twice the same value, and you get twice the same output. So cracking a MD5 hash is about trying potential inputs (passwords) until a match is found. It works well when the input is "a password which a human user came up with" because human users are awfully unimaginative when it comes to choosing passwords.

You cannot "decrypt" MD5.

What you can do is try to match a large number of possible inputs in the hopes of stumbling upon the input that matches your hash. There are several attacks against the MD5 algorithm that makes this significantly easier.