most likely "shell access" was confused with execution of "shellcode" which is a type of code, typically bytecode, that gets injected by the hacker and the server gets tricked into executing it. Once it's executed, it can do anything, leave new files, open ports, disable firewalls, change the admin password, etc
Shellcode is usually weirdly formed native machine code, typically written in a "return-oriented programming" style, that can be inserted with a buffer overflow and somehow jumped to. But usually not bytecode.
It was not - attacker ran an exploit that have him a remote shell access. No shellcode was involved (that's for binary exploits which is not what happened here)