I had to do this a long time ago for my brother's phone because he couldn't remember the password on the backup. I used a program called Elcomsoft Phone Password Breaker Pro (err not a legal copy.....). Not sure how much has changed since then for iTunes' backups, as this was probably for an iPhone 3/4.
Using their default options I didn't get anywhere because it takes too long to go through every possible combination, and their dictionary was very limited, but I downloaded a few hacked password lists online and fed those through it, and it eventually managed to get the password in under 20 seconds. But it ended up just being a single word because my brother is not great with passwords.
If the password is a combination of common words using common permutations (ie numbers on the end, letter/number substitutions, additional characters), you've got an ok chance of cracking it. If the password is a combination of your 5 favourite Ugandan warlord names followed by 10 random ascii characters, you're probably out of luck. Theoretically any password could be cracked with enough time, it's just a matter of whether it's realistically feasible.