Си полезно знать для того что-бы рыться в исходниках опенсорса - в поисках дыр.
Ассемблер полезно знать для реверсинжинеринга не опенсорса и в принципе для понимания что к чему.
А вообще не на том ресурсе вы задаёте этот вопрос и главное не раскрыли значение слова "систем", да и тему вы подняли на которую в формате Q&A не ответишь.
Да к слову, напомню про Уголовный кодекс - так, на всякий случай.

You can also "crawl" through a web application))
Well, let me explain how this is done using the example of FTP. (Random example)
Let's say someFtp is running on the server.
And you decided to find out if you can climb through it.
You put it on your car, fuzzy (google "fuzzing").
You found some kind of overflow in it. This is where ASM and RE skills come in handy.
You cut the whole thing in gdb, dig what and how and whether this hole can be exploited.
For example, you figured out that you get control of the stack and can overwrite EIP.
Further, using for example ROP style (return oriented programming) you force to transfer control to your shellcode. (You take it, for example, from some kind of bind_tcp/reverse_tcp metasploit).
Well, something like this.
But that's it, if you yourself want it, usually when they conduct a pentest, they check for known holes.

They look for weaknesses and break. You definitely need to know C in order to at least read it :-)

To set a ready-made exploit on a site, you don’t need to know anything at all. And when searching for vulnerabilities without having a source code or even a binary, you need as much knowledge as possible about all related areas. Since holes usually happen when programmers and admins use a tool, technology, the language does not fully understand how it all works. SQL injection is the best example of that. However, there are less and less holes in the software now, it is now fashionable to look for holes in people's brains.

For hacking web applications, read about XSS and SQL Injection. You need to know html, javascript, understand php. Asm, C and Unix will not be needed ... Although they definitely will not be superfluous! )