It would depend on the type of exploit they use.
The recent Greasemonkey exploit was entirely software-based. You just had to send certain requests to read files off the user’s computer, and greasemonkey would perform them.
A standard Buffer overflow exploit, on the other hand, probably requires knowledge of the memory architecture, how the stack is allocated, and probably some assembly. At the very least it would require knowing the chip architecture so that the code inserted would be runnable. You might be able to get around knowing some of the other stuff with a special compiler setup.
I’m sure there are other types of exploits that require very detailed knowledge of the hardware itself.
Also, while “hacker” is a commonly used word for someone exploiting systems, most coders don’t use “hacker” in a necessarily negative way, and prefer the word “cracker” to be used for such people. Which one is better has been the subject of countless debates (some of them here), but “cracker” has the benefit of being unambiguous.