Usually hackers upload shell to victim’s site using the vulnerability in that website. Shell allows hackers to hack/deface the website. Sometimes hackers left the shell in the vulnerable sites. Here is simple google search allows you to find a shell uploaded by hackers.
Use one of the following google dork to find the shell:
- intitle:index of/sh3llZ
- “Index of /sh3llZ”
This will show the list of sites that has a sh3llZ folder. Probably, there will be link to c99 shell. If you click the link, it will land you in a shell page. Using that shell, you can upload your own shells or deface the sites.