Yesterday a friend called me asking me how could he recover a windows xp user's password...

Nothing came to my mind...

I'll aprecciate the help, thanks!

Recover from what? Did the computer crash, has he forgotten it? More details could add tothe helpfulness of a solution.

Yes, he just forgot it... no crash down present

Try booting up in safe mode. Use the administrator user account and then change the user's password.

If he your friend has forgotten the administrator password , he won't be able to do the safe mode trick. Otherwise, that is the best option. If that doesn't work, there is a program available to help with this problem. I hesitate to recommend it though, because it costs $90.00. Here is the link, however. Information on how to use it can be found at annoyances.org. I'm looking for the file(?) that XP stores password information in to help find a free solution, but so far no luck. Sorry.

WindowsXP uses very very weak md4 hash algorithms to encrypt passwords.

your options are brute forcing it with johntheripper, or hash insertion (simply making up a new password, hashing it, and saving it over the old hash)

unless you used drive encryption, hash insertion should work fine.

do you have access to a *nix rescue cd ? (for example knoppix)
if so, ther is a porgram called ntpassword for re-setting passwords (hash insertion of the SAM file)