diff --git a/README.md b/README.md index 09abf7a..d302668 100644 --- a/README.md +++ b/README.md @@ -167,6 +167,7 @@ - [内网常见渗透工具包](https://github.com/yuxiaokui/Intranet-Penetration) - [从内存中加载 SHELLCODE bypass AV查杀](https://github.com/brimstone/go-shellcode)|[twitter示例](https://twitter.com/jas502n/status/1213847002947051521) - [流量转发工具-pingtunnel是把tcp/udp/sock5流量伪装成icmp流量进行转发的工具](https://github.com/esrrhs/pingtunnel) +- [内网渗透-创建Windows用户(当net net1 等常见命令被过滤时,一个文件执行直接添加一个管理员【需要shell具有管理员权限l】](https://github.com/newsoft/adduser)|[adduser使用方法](./adduser添加用户.md) ## 书籍相关 diff --git a/adduser添加用户.md b/adduser添加用户.md new file mode 100644 index 0000000..9d7463a --- /dev/null +++ b/adduser添加用户.md @@ -0,0 +1,20 @@ +### adduser 单文件添加用户 + +>【内网渗透-创建Windows用户】 + +> Ps: net net1 等常见命令被过滤 + +![](./img/adduser1.png) +![](./img/adduser2.png) + +> 简介:adduser项目以编程方式创建“本地管理员” Windows用户。需要管理员权限。创建的用户被硬编码为以下内容: + +> 默认登录名:audit 密码:(Test123456789! ) +![](./img/adduser3.png) +![](./img/adduser4.png) + +> [你可以在源码中自定义修改账号密码](https://github.com/newsoft/adduser/blob/master/adduser.c#L39) + +![](./img/adduser5.png) + +> 内容来自 https://twitter.com/jas502n/status/1214413798330601472 此处仅作学习保留 \ No newline at end of file diff --git a/img/adduser1.png b/img/adduser1.png new file mode 100644 index 0000000..bc6104e Binary files /dev/null and b/img/adduser1.png differ diff --git a/img/adduser2.png b/img/adduser2.png new file mode 100644 index 0000000..2b2ffae Binary files /dev/null and b/img/adduser2.png differ diff --git a/img/adduser3.png b/img/adduser3.png new file mode 100644 index 0000000..6d5676c Binary files /dev/null and b/img/adduser3.png differ diff --git a/img/adduser4.png b/img/adduser4.png new file mode 100644 index 0000000..eb4aa33 Binary files /dev/null and b/img/adduser4.png differ diff --git a/img/adduser5.png b/img/adduser5.png new file mode 100644 index 0000000..a15bb47 Binary files /dev/null and b/img/adduser5.png differ
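Review bot: In the README.md hunk, the added entry's link text opens a parenthesis at `(当net net1` that is never closed before the `]`, and `权限l】` carries a stray `l`. Close the parenthesis after `】` and drop the `l` so the entry renders as cleanly as the neighbouring list items.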
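Review bot: In the new adduser添加用户.md, the link `https://github.com/newsoft/adduser/blob/master/adduser.c#L39` targets a line number on `master`, which will point at the wrong line once the upstream file changes; link to a commit permalink instead. On the credentials line, `密码:(Test123456789! )` leaves it unclear whether the parentheses and the trailing space belong to the value, so put the login name and the password in backticks. The five `![](./img/...)` images have empty alt text, and the file ends without a trailing newline (`\ No newline at end of file`).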