If you can do a packet trace, that's the easiest way. Otherwise you'd need a tool like SQLCrack or SQL Squirrel (from NGS Software) on the old server. If you can get a packet trace from your network guys when the application logs in, you can find the password fairly easily (assuming no encryption is going on for the connection):

An article I wrote takes you through the process of decrypting the password step-by-step:

SQL Server Security: Login Weaknesses

If you want to see the original references that detailed the weakness and how to utilize it, see the references at the bottom of the article.