After getting the admin access hackers are Uploading their control penal (that’s call shell). Shell allows hackers to hack/deface the website and using the shell hacker can get root access. Sometime hackers left the shell in vulnerable sits. And here is some Google dorks which helps you to find the shells.
“Index of /sh3llZ”
You can see in the above figure there are some shells like c99.php , c100.php etc. using that shell u can upload your shell and you can also deface that site.