Fix tcp_malformed_options_detection scoring

Typo defaulted @vxworks_score and @ipnet_score to 100 instead of -100.
This commit also refactors the method to align with the others.

modules/auxiliary/scanner/vxworks/urgent11_check.rb

@@ -146,33 +146,38 @@ class MetasploitModule < Msf::Auxiliary
     # IP destination address
     pkt.ip_daddr = ip
 
-    # TCP packet with malformed options
+    # TCP SYN with malformed options
+    pkt.tcp_dst       = port
     pkt.tcp_flags.syn = 1
-    pkt.tcp_dst = port
+    pkt.tcp_opts      = [2, 4, 1460].pack('CCn') + # MSS
-    pkt.tcp_opts =
+                        [1, 2].pack('CC') +        # NOP
-      [2, 4, 1460].pack('CCn') + # MSS
+                        [3, 2].pack('CC') +        # WSCALE with invalid length
-      [1, 2].pack('CC') +        # NOP
+                        [3, 3, 0].pack('CCC')      # WSCALE with valid length
-      [3, 2].pack('CC') +        # WSCALE with invalid length
-      [3, 3, 0].pack('CCC')      # WSCALE with valid length
     pkt.recalc
 
-    pkt.to_w
+    res = nil
-    res = inject_reply(:tcp)
+
+    datastore['RetransmissionRate'].times do
+      pkt.to_w
+      res = inject_reply(:tcp)
+
+      break unless res
+    end
 
     unless res
-      @vxworks_score = 0
+      return @vxworks_score = 0,
-      @ipnet_score = 50
+             @ipnet_score   = 50
-      return
     end
 
-    if res.tcp_flags.rst == 1
+    if res.tcp_flags.rst == 1 &&
-      @vxworks_score = 100
+      res.tcp_dst == pkt.tcp_src && res.tcp_dst == pkt.tcp_src
-      @ipnet_score = 100
+
-      return
+      return @vxworks_score = 100,
+             @ipnet_score   = 100
     end
 
-    @vxworks_score = 100
+    return @vxworks_score = -100,
-    @ipnet_score = 100
+           @ipnet_score   = -100
   end
 
   def tcp_dos_detection(ip, port)